changeset 9:e58bfc7fc207

Make multipass files default all-readable.
author Paul Fisher <paul@pfish.zone>
date Sun, 25 Oct 2015 10:45:32 -0400
parents 4db389f948c9
children 1246b4b9028b
files file/file.go
diffstat 1 files changed, 9 insertions(+), 3 deletions(-) [+]
line wrap: on
line diff
--- a/file/file.go	Sun Oct 25 00:03:06 2015 -0400
+++ b/file/file.go	Sun Oct 25 10:45:32 2015 -0400
@@ -143,9 +143,10 @@
 	h := new(writeHandle)
 	h.tempName = tempName
 	h.fileName = fileName
-	// Open the output file, readable only by the current user.
+	// Open the output file, readable by everybody, but only if it doesn't exist.
+	// This prevents race conditions.
 	oldUmask := unix.Umask(077)
-	tempFile, err := os.Create(tempName)
+	tempFile, err := os.OpenFile(tempName, os.O_CREATE | os.O_EXCL | os.O_WRONLY | os.O_SYNC, 0600)
 	unix.Umask(oldUmask)
 	if err != nil {
 		return nil, err
@@ -178,8 +179,13 @@
 			h.bail()
 			return nil, err
 		}
+	} else {
+		// TODO(pfish): Restrict ACL to only multipass authenticators.
+		if err := h.tempFile.Chmod(0644); err != nil {
+			h.bail()
+			return nil, err
+		}
 	}
-	// TODO(pfish): If there is no input file, set the right permissions + group on the output file.
 	h.writer = bufio.NewWriter(h.tempFile)
 	if _, err := h.writer.WriteString(Banner + "\n"); err != nil {
 		return nil, err