virt-manager/53b39a13-dont-create-disk-images-world-readable-executable.patch

Subject: Don't create disk images world readable and executable
From: Ron ron@debian.org Sun Jun 29 16:16:36 2014 +0930
Date: Wed Jul 2 07:35:15 2014 +0200:
Git: ea1d973957ce3662c7fb22046c34b62f72f0e624

Python's os.open() defaults to mode 0777 if not explicitly specified.
Disk image files don't need to be executable, and having them world
readable isn't an ideal situation either.  Owner writable and group
readable is probably more than sufficient when initially creating
them.

Signed-off-by: Ron Lee <ron@debian.org>

diff --git a/virtinst/diskbackend.py b/virtinst/diskbackend.py
index 5f72d00..2c74a11 100644
--- a/virtinst/diskbackend.py
+++ b/virtinst/diskbackend.py
@@ -383,7 +383,7 @@ class StorageCreator(_StorageBase):
             sparse = True
             fd = None
             try:
-                fd = os.open(self._path, os.O_WRONLY | os.O_CREAT)
+                fd = os.open(self._path, os.O_WRONLY | os.O_CREAT, 0640)
                 os.ftruncate(fd, size_bytes)
             finally:
                 if fd:
@@ -401,7 +401,7 @@ class StorageCreator(_StorageBase):
         try:
             try:
                 src_fd = os.open(self._clone_path, os.O_RDONLY)
-                dst_fd = os.open(self._path, os.O_WRONLY | os.O_CREAT)
+                dst_fd = os.open(self._path, os.O_WRONLY | os.O_CREAT, 0640)
 
                 i = 0
                 while 1:
diff --git a/virtinst/urlfetcher.py b/virtinst/urlfetcher.py
index fba70f9..b51e524 100644
--- a/virtinst/urlfetcher.py
+++ b/virtinst/urlfetcher.py
@@ -67,7 +67,7 @@ class _ImageFetcher(object):
         prefix = "virtinst-" + prefix
         if "VIRTINST_TEST_SUITE" in os.environ:
             fn = os.path.join(".", prefix)
-            fd = os.open(fn, os.O_RDWR | os.O_CREAT)
+            fd = os.open(fn, os.O_RDWR | os.O_CREAT, 0640)
         else:
             (fd, fn) = tempfile.mkstemp(prefix=prefix,
                                         dir=self.scratchdir)
- bnc#885308 - pass virtio-rng-pci to the guest qemu virtinst-add-default-rng-device.patch - Fix GUI failure to display addition of a second disk Dropped virtman-device-flags.patch - bnc#885380 - virt-install: by default generates raw format against various virtual disk formats virtinst-supported-disk-formats.patch virtman-supported-disk-formats.patch - Dropped virtinst-qed.patch, virtman-qed.patch - bnc#869026 - Build0198: Unable to complete install: 'XML error: No PCI buses available' virtman-add-s390x-arch-support.patch - Upstream bug fixes 53ac1f8d-createnet-validate-last-page-before-creating-network.patch 53ac1f8d-fix-show_err-typo.patch 53b39a13-dont-create-disk-images-world-readable-executable.patch 53b409bc-add-keep-alive-method-and-connection-check.patch 53b409bd-console-prevent-access-to-deleted-objects.patch 53b728c6-report-error-during-connection-bring-up.patch 53b728c6-connection-handle-unsupported-KeepAlive.patch 53bb1995-network-refresh-XML-definition-on-state-update.patch OBS-URL: https://build.opensuse.org/package/show/Virtualization/virt-manager?expand=0&rev=188 2014-07-18 01:22:14 +02:00			`Subject: Don't create disk images world readable and executable`
			`From: Ron ron@debian.org Sun Jun 29 16:16:36 2014 +0930`
			`Date: Wed Jul 2 07:35:15 2014 +0200:`
			`Git: ea1d973957ce3662c7fb22046c34b62f72f0e624`

			`Python's os.open() defaults to mode 0777 if not explicitly specified.`
			`Disk image files don't need to be executable, and having them world`
			`readable isn't an ideal situation either. Owner writable and group`
			`readable is probably more than sufficient when initially creating`
			`them.`

			`Signed-off-by: Ron Lee <ron@debian.org>`

			`diff --git a/virtinst/diskbackend.py b/virtinst/diskbackend.py`
			`index 5f72d00..2c74a11 100644`
			`--- a/virtinst/diskbackend.py`
			`+++ b/virtinst/diskbackend.py`
			`@@ -383,7 +383,7 @@ class StorageCreator(_StorageBase):`
			`sparse = True`
			`fd = None`
			`try:`
			`- fd = os.open(self._path, os.O_WRONLY \| os.O_CREAT)`
			`+ fd = os.open(self._path, os.O_WRONLY \| os.O_CREAT, 0640)`
			`os.ftruncate(fd, size_bytes)`
			`finally:`
			`if fd:`
			`@@ -401,7 +401,7 @@ class StorageCreator(_StorageBase):`
			`try:`
			`try:`
			`src_fd = os.open(self._clone_path, os.O_RDONLY)`
			`- dst_fd = os.open(self._path, os.O_WRONLY \| os.O_CREAT)`
			`+ dst_fd = os.open(self._path, os.O_WRONLY \| os.O_CREAT, 0640)`

			`i = 0`
			`while 1:`
			`diff --git a/virtinst/urlfetcher.py b/virtinst/urlfetcher.py`
			`index fba70f9..b51e524 100644`
			`--- a/virtinst/urlfetcher.py`
			`+++ b/virtinst/urlfetcher.py`
			`@@ -67,7 +67,7 @@ class _ImageFetcher(object):`
			`prefix = "virtinst-" + prefix`
			`if "VIRTINST_TEST_SUITE" in os.environ:`
			`fn = os.path.join(".", prefix)`
			`- fd = os.open(fn, os.O_RDWR \| os.O_CREAT)`
			`+ fd = os.open(fn, os.O_RDWR \| os.O_CREAT, 0640)`
			`else:`
			`(fd, fn) = tempfile.mkstemp(prefix=prefix,`
			`dir=self.scratchdir)`