From ea1d973957ce3662c7fb22046c34b62f72f0e624 Mon Sep 17 00:00:00 2001 From: Ron Date: Sun, 29 Jun 2014 16:16:36 +0930 Subject: [PATCH] Don't create disk images world readable and executable Python's os.open() defaults to mode 0777 if not explicitly specified. Disk image files don't need to be executable, and having them world readable isn't an ideal situation either. Owner writable and group readable is probably more than sufficient when initially creating them. Signed-off-by: Ron Lee --- virtinst/diskbackend.py | 4 ++-- virtinst/urlfetcher.py | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/virtinst/diskbackend.py b/virtinst/diskbackend.py index 5f72d004a..2c74a1121 100644 --- a/virtinst/diskbackend.py +++ b/virtinst/diskbackend.py @@ -383,7 +383,7 @@ class StorageCreator(_StorageBase): sparse = True fd = None try: - fd = os.open(self._path, os.O_WRONLY | os.O_CREAT) + fd = os.open(self._path, os.O_WRONLY | os.O_CREAT, 0640) os.ftruncate(fd, size_bytes) finally: if fd: @@ -401,7 +401,7 @@ class StorageCreator(_StorageBase): try: try: src_fd = os.open(self._clone_path, os.O_RDONLY) - dst_fd = os.open(self._path, os.O_WRONLY | os.O_CREAT) + dst_fd = os.open(self._path, os.O_WRONLY | os.O_CREAT, 0640) i = 0 while 1: diff --git a/virtinst/urlfetcher.py b/virtinst/urlfetcher.py index fba70f9be..b51e52476 100644 --- a/virtinst/urlfetcher.py +++ b/virtinst/urlfetcher.py @@ -67,7 +67,7 @@ class _ImageFetcher(object): prefix = "virtinst-" + prefix if "VIRTINST_TEST_SUITE" in os.environ: fn = os.path.join(".", prefix) - fd = os.open(fn, os.O_RDWR | os.O_CREAT) + fd = os.open(fn, os.O_RDWR | os.O_CREAT, 0640) else: (fd, fn) = tempfile.mkstemp(prefix=prefix, dir=self.scratchdir)