changeset 9:e58bfc7fc207
Make multipass files default all-readable.
author | Paul Fisher <paul@pfish.zone> |
---|---|
date | Sun, 25 Oct 2015 10:45:32 -0400 |
parents | 4db389f948c9 |
children | 1246b4b9028b |
files | file/file.go |
diffstat | 1 files changed, 9 insertions(+), 3 deletions(-) [+] |
--- a/file/file.go Sun Oct 25 00:03:06 2015 -0400
+++ b/file/file.go Sun Oct 25 10:45:32 2015 -0400
@@ -143,9 +143,10 @@
 h := new(writeHandle)
 h.tempName = tempName
 h.fileName = fileName
- // Open the output file, readable only by the current user.
+ // Open the output file, readable by everybody, but only if it doesn't exist.
+ // This prevents race conditions.
 oldUmask := unix.Umask(077)
- tempFile, err := os.Create(tempName)
+ tempFile, err := os.OpenFile(tempName, os.O_CREATE | os.O_EXCL | os.O_WRONLY | os.O_SYNC, 0600)
 unix.Umask(oldUmask)
 if err != nil {
 return nil, err
@@ -178,8 +179,13 @@
 h.bail()
 return nil, err
 }
+ } else {
+ // TODO(pfish): Restrict ACL to only multipass authenticators.
+ if err := h.tempFile.Chmod(0644); err != nil {
+ h.bail()
+ return nil, err
+ }
 }
- // TODO(pfish): If there is no input file, set the right permissions + group on the output file.
 h.writer = bufio.NewWriter(h.tempFile)
 if _, err := h.writer.WriteString(Banner + "\n"); err != nil {
 return nil, err
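Review bot: The `unix.Umask(077)` / `unix.Umask(oldUmask)` pair around the new `os.OpenFile` call no longer contributes anything, because the explicit `0600` mode has no group or other bits for the umask to clear, yet it still flips process-wide state that any goroutine creating a file at the same moment would observe. I would delete both `Umask` lines and keep the `OpenFile` call as it is. The new comment also says the file is opened "readable by everybody" while the mode passed is `0600`; wording such as `// Create the temp file with O_EXCL and mode 0600; permissions are adjusted after creation.` matches what the call does. The enclosing function starts and ends outside the hunk.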
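Review bot: The `WriteString(Banner + "\n")` error path just below the new `else` branch returns without calling `h.bail()`, while the `Chmod` failure path added here does call it. Now that the first hunk opens the temp file with `O_EXCL`, a temp file left behind on that path would make the next open of the same name fail, assuming `bail` is what closes and removes it (its body is not shown). I would add `h.bail()` before that `return nil, err`. Separately, `Chmod(0644)` leaves the file readable by every local account until the ACL TODO is done, so the comment should state what the file may contain, for example `// 0644: contents must be safe for any local user to read until the ACL TODO is resolved.` The enclosing function starts and ends outside the hunk.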