Mercurial Mercurial > prosody > prosody / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
prosodyctl: Set stricter umask while generating key (thanks darkrain)
authorKim Alvefur <zash@zash.se>
Wed, 19 Sep 2012 23:26:38 +0200
changeset 5151 dfe6a70efaa2
parent 5150 81b49bb0ecc7
child 5152 fee5f8d4ec74
prosodyctl: Set stricter umask while generating key (thanks darkrain)
prosodyctl file | annotate | diff | comparison | revisions 
--- a/prosodyctl	Wed Sep 19 23:25:10 2012 +0200
+++ b/prosodyctl	Wed Sep 19 23:26:38 2012 +0200
@@ -687,11 +687,13 @@
 		if ask_overwrite(key_filename) then
 			return nil, key_filename;
 		end
-		os.remove(key_filename); -- We chmod this file to not have write permissions
+		os.remove(key_filename); -- This file, if it exists is unlikely to have write permissions
 		local key_size = tonumber(arg[2] or show_prompt("Choose key size (2048):") or 2048);
+		local old_umask = pposix.umask("0377");
 		if openssl.genrsa{out=key_filename, key_size} then
 			os.execute(("chmod 400 '%s'"):format(key_filename));
 			show_message("Key written to ".. key_filename);
+			pposix.umask(old_umask);
 			return nil, key_filename;
 		end
 		show_message("There was a problem, see OpenSSL output");
prosody