Merge remote-tracking branch 'refs/remotes/ivan/feature/restrict-certificates-permissions' into develop

author: Tomás Touceda <chiiph@leap.se> 2014-07-24 11:05:41 -0300
committer: Tomás Touceda <chiiph@leap.se> 2014-07-24 11:05:41 -0300
commit: e7de22a844cef0067946a2af4ec464314cf37e0d (patch)
tree: 007db937e4212660baced51f7ed77045d1536d49
parent: 70f8f9ff06dd4ee52fba4b3bc35ead530242552b (diff)
parent: 227a31d8892c67c64beebe5135cc850dfa71c3c6 (diff)
2 files changed, 4 insertions, 0 deletions
diff --git a/changes/feature_restrict-certificates-permissions b/changes/feature_restrict-certificates-permissions
new file mode 100644
index 00000000..6bd6c015
--- /dev/null
+++ b/changes/feature_restrict-certificates-permissions
@@ -0,0 +1 @@
+- Restrict access to the zmq certificates folder.
diff --git a/src/leap/bitmask/backend/utils.py b/src/leap/bitmask/backend/utils.py
index 54a16fd7..65bf6753 100644
--- a/src/leap/bitmask/backend/utils.py
+++ b/src/leap/bitmask/backend/utils.py
@@ -19,6 +19,7 @@ Backend utilities to handle ZMQ certificates.
 """
 import os
 import shutil
+import stat
 
 import zmq.auth
 
@@ -36,6 +37,8 @@ def generate_certificates():
     if os.path.exists(KEYS_DIR):
         shutil.rmtree(KEYS_DIR)
     mkdir_p(KEYS_DIR)
+    # set permissions to: 0700 (U:rwx G:--- O:---)
+    os.chmod(KEYS_DIR, stat.S_IRUSR | stat.S_IWUSR | stat.S_IXUSR)
 
     # create new keys in certificates dir
     # public_file, secret_file = create_certificates(...)
author	Tomás Touceda <chiiph@leap.se>	2014-07-24 11:05:41 -0300
committer	Tomás Touceda <chiiph@leap.se>	2014-07-24 11:05:41 -0300
commit	e7de22a844cef0067946a2af4ec464314cf37e0d (patch)
tree	007db937e4212660baced51f7ed77045d1536d49
parent	70f8f9ff06dd4ee52fba4b3bc35ead530242552b (diff)
parent	227a31d8892c67c64beebe5135cc850dfa71c3c6 (diff)