From 227a31d8892c67c64beebe5135cc850dfa71c3c6 Mon Sep 17 00:00:00 2001 From: Ivan Alejandro Date: Wed, 23 Jul 2014 12:03:44 -0300 Subject: Restrict access to the zmq certificates folder. --- src/leap/bitmask/backend/utils.py | 3 +++ 1 file changed, 3 insertions(+) (limited to 'src/leap/bitmask/backend') diff --git a/src/leap/bitmask/backend/utils.py b/src/leap/bitmask/backend/utils.py index 54a16fd7..65bf6753 100644 --- a/src/leap/bitmask/backend/utils.py +++ b/src/leap/bitmask/backend/utils.py @@ -19,6 +19,7 @@ Backend utilities to handle ZMQ certificates. """ import os import shutil +import stat import zmq.auth @@ -36,6 +37,8 @@ def generate_certificates(): if os.path.exists(KEYS_DIR): shutil.rmtree(KEYS_DIR) mkdir_p(KEYS_DIR) + # set permissions to: 0700 (U:rwx G:--- O:---) + os.chmod(KEYS_DIR, stat.S_IRUSR | stat.S_IWUSR | stat.S_IXUSR) # create new keys in certificates dir # public_file, secret_file = create_certificates(...) -- cgit v1.2.3