From 70b753cd31fd2a00b7e22b1de4eb70416d018cd8 Mon Sep 17 00:00:00 2001 From: Xiretza Date: Mon, 9 May 2022 16:17:56 +0200 Subject: [PATCH] fix: don't create secrets file as world-readable (#136) --- etebase_server/utils.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/etebase_server/utils.py b/etebase_server/utils.py index 64ed657..9f56457 100644 --- a/etebase_server/utils.py +++ b/etebase_server/utils.py @@ -13,6 +13,8 @@ # along with this program. If not, see . from django.core.management import utils +import os +import stat def get_secret_from_file(path): @@ -21,6 +23,7 @@ def get_secret_from_file(path): return f.read().strip() except EnvironmentError: with open(path, "w") as f: + os.chmod(path, stat.S_IRUSR | stat.S_IWUSR) secret_key = utils.get_random_secret_key() f.write(secret_key) return secret_key