From 227a31d8892c67c64beebe5135cc850dfa71c3c6 Mon Sep 17 00:00:00 2001
From: Ivan Alejandro <ivanalejandro0@gmail.com>
Date: Wed, 23 Jul 2014 12:03:44 -0300
Subject: Restrict access to the zmq certificates folder.

---
 src/leap/bitmask/backend/utils.py | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'src/leap/bitmask/backend')

diff --git a/src/leap/bitmask/backend/utils.py b/src/leap/bitmask/backend/utils.py
index 54a16fd7..65bf6753 100644
--- a/src/leap/bitmask/backend/utils.py
+++ b/src/leap/bitmask/backend/utils.py
@@ -19,6 +19,7 @@ Backend utilities to handle ZMQ certificates.
 """
 import os
 import shutil
+import stat
 
 import zmq.auth
 
@@ -36,6 +37,8 @@ def generate_certificates():
     if os.path.exists(KEYS_DIR):
         shutil.rmtree(KEYS_DIR)
     mkdir_p(KEYS_DIR)
+    # set permissions to: 0700 (U:rwx G:--- O:---)
+    os.chmod(KEYS_DIR, stat.S_IRUSR | stat.S_IWUSR | stat.S_IXUSR)
 
     # create new keys in certificates dir
     # public_file, secret_file = create_certificates(...)
-- 
cgit v1.2.3