nik/FreedomBox
1
0
Fork 0
mirror of https://github.com/freedombox/FreedomBox.git synced 2026-03-11 09:04:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

matrixsynapse: Fix potential exposure of private key

Browse Source 
Setting permissions after copying the file will lead to momentary exposure of
the private key to other users on the system. Use umask instead.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
This commit is contained in:
Sunil Mohan Adapa 2019-02-13 17:52:49 -08:00
parent b53f675f55
commit 3b257c7a58
No known key found for this signature in database
GPG Key ID: 43EA1CFF0AA7C5F2
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
actions/matrixsynapse
View File

@ -86,16 +86,17 @@ def _update_tls_certificate():
dest_certificate_path = os.path.join(dest_dir, 'homeserver.tls.crt')
dest_private_key_path = os.path.join(dest_dir, 'homeserver.tls.key')
# Private key is only accessible to the user "matrix-synapse"
# Group access is prohibited since it is "nogroup"
old_mask = os.umask(0o133)
shutil.copyfile(source_certificate_path, dest_certificate_path)
os.umask(0o177)
shutil.copyfile(source_private_key_path, dest_private_key_path)
os.umask(old_mask)
shutil.chown(dest_certificate_path, user='matrix-synapse', group='nogroup')
shutil.chown(dest_private_key_path, user='matrix-synapse', group='nogroup')
# Private key is only accessible to the user "matrix-synapse"
# Group access is prohibited since it is "nogroup"
os.chmod(dest_private_key_path, 0o600)
def subcommand_post_install(_):
"""Perform post installation configuration."""