From: Peter Palfrader
Date: Sat, 17 May 2008 14:15:26 +0000 (+0200)
Subject: Make ssh-keys.tar.gz readable only by the user.
X-Git-Tag: userdir-ldap-0.3.25
X-Git-Url: https://git.adam-barratt.org.uk/?p=mirror%2Fuserdir-ldap.git;a=commitdiff_plain;h=1333fb1293beba4cf4e5e229055b1872eba8f3c8

Make ssh-keys.tar.gz readable only by the user.
---
diff --git a/debian/changelog b/debian/changelog
index 9566789..b71d365 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+userdir-ldap (0.3.25) unstable; urgency=low
+
+ * Make ssh-keys.tar.gz readable only by the user.
+
+ -- Peter Palfrader Sat, 17 May 2008 16:14:56 +0200
+
 userdir-ldap (0.3.24) unstable; urgency=low
 
 * ud-mailgate: better regex for ssh1 keys, which we reject. [joerg, weasel]
diff --git a/ud-generate b/ud-generate
index 1ad51f9..6103fa8 100755
--- a/ud-generate
+++ b/ud-generate
@@ -968,7 +968,9 @@ while(1):
 # Now we know who we're allowing on the machine, export
 # the relevant ssh keys
 if MultipleSSHFiles:
+ OldMask = os.umask(0077);
 tf = tarfile.open(name=os.path.join(GlobalDir, 'ssh-keys-%s.tar.gz' % CurrentHost), mode='w:gz')
+ os.umask(OldMask);
 for f in userlist.keys():
 if f not in SSHFiles:
 continue
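Review bot: The `os.umask(0077)` wrapped around `tarfile.open(...)` in the ud-generate hunk only takes effect when the archive is newly created. If `ssh-keys-<host>.tar.gz` already exists in `GlobalDir` from an earlier run, opening it with `mode='w:gz'` truncates it in place and it keeps its previous, possibly world-readable, mode. Setting the mode explicitly right after the open would cover that case, e.g. `os.chmod(os.path.join(GlobalDir, 'ssh-keys-%s.tar.gz' % CurrentHost), 0600)`; writing to a temporary name and renaming it into place would also work. Separately, if `tarfile.open` raises, `os.umask(OldMask)` is never reached, so the open belongs in a `try:` with the restore in `finally:`. The enclosing `while(1):` loop starts and ends outside the hunk, so whether the file is removed elsewhere before this point cannot be seen from here.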