security fix - don't allow leap_cli created files to be world/group readable.

author: elijah <elijah@riseup.net> 2013-07-29 20:38:58 -0700
committer: elijah <elijah@riseup.net> 2013-07-29 20:38:58 -0700
commit: e00e5d2b501a0d2727ea84fb1ea3e597e1e37ee4 (patch)
tree: 92901eec53f76e7bc617e47001977cb1b0b614fe /lib/leap_cli/config
parent: 0f92af724ebab6416fc641b57f0a6d43614c25da (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/leap_cli/config/macros.rb b/lib/leap_cli/config/macros.rb
index b5f6a34..ef3a85e 100644
--- a/lib/leap_cli/config/macros.rb
+++ b/lib/leap_cli/config/macros.rb
@@ -97,8 +97,8 @@ module LeapCli; module Config
           # if file is under Path.provider_base, we must copy the default file to
           # to Path.provider in order for rsync to be able to sync the file.
           local_provider_path = actual_path.sub(/^#{Regexp.escape(Path.provider_base)}/, Path.provider)
-          FileUtils.mkdir_p File.dirname(local_provider_path)
-          FileUtils.cp_r actual_path, local_provider_path
+          FileUtils.mkdir_p File.dirname(local_provider_path), :mode => 0700
+          FileUtils.install actual_path, local_provider_path, :mode => 0600
           Util.log :created, Path.relative_path(local_provider_path)
           actual_path = local_provider_path
         end
author	elijah <elijah@riseup.net>	2013-07-29 20:38:58 -0700
committer	elijah <elijah@riseup.net>	2013-07-29 20:38:58 -0700
commit	e00e5d2b501a0d2727ea84fb1ea3e597e1e37ee4 (patch)
tree	92901eec53f76e7bc617e47001977cb1b0b614fe /lib/leap_cli/config
parent	0f92af724ebab6416fc641b57f0a6d43614c25da (diff)