templating.renders 'fixes' directories to be world readable
Bug #1478940 reported by
Stuart Bishop
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Charm Helpers |
Fix Released
|
Undecided
|
Stuart Bishop | ||
Bug Description
templating.render accepts a mode argument, tricking the developer into thinking it might be secure, but then proceeds to reset the permissions of the parent directory to a hard coded world-readable:
host.
Directories should only be created in this fashion if explicitly asked for, rather than having potentially insecure behaviour by default.
Related branches
lp:~stub/charm-helpers/bug-1478940-dont-reset-directory-perms
- charmers: Pending requested
-
Diff: 61 lines (+41/-1)2 files modifiedcharmhelpers/core/templating.py (+5/-1)
tests/core/test_templating.py (+36/-0)
| information type: | Public → Public Security |
| Changed in charm-helpers: | |
| status: | New → In Progress |
| assignee: | nobody → Stuart Bishop (stub) |
| Changed in charm-helpers: | |
| status: | In Progress → Fix Committed |
| Changed in charm-helpers: | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
