aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2012-09-19 23:26:38 +0200
committerKim Alvefur <zash@zash.se>2012-09-19 23:26:38 +0200
commitfb9f19c208c2ab220ab6aeeb033b2d560dccb900 (patch)
tree1aa77d9fad3655abd5011a1ccb34bd12511db7e6
parent799a42cb68a69e9576e0fe996200965ff75e14d6 (diff)
downloadprosody-fb9f19c208c2ab220ab6aeeb033b2d560dccb900.tar.gz
prosody-fb9f19c208c2ab220ab6aeeb033b2d560dccb900.zip
prosodyctl: Set stricter umask while generating key (thanks darkrain)
-rwxr-xr-xprosodyctl4
1 files changed, 3 insertions, 1 deletions
diff --git a/prosodyctl b/prosodyctl
index f44dc4f8..519b3efd 100755
--- a/prosodyctl
+++ b/prosodyctl
@@ -687,11 +687,13 @@ function cert_commands.key(arg)
if ask_overwrite(key_filename) then
return nil, key_filename;
end
- os.remove(key_filename); -- We chmod this file to not have write permissions
+ os.remove(key_filename); -- This file, if it exists is unlikely to have write permissions
local key_size = tonumber(arg[2] or show_prompt("Choose key size (2048):") or 2048);
+ local old_umask = pposix.umask("0377");
if openssl.genrsa{out=key_filename, key_size} then
os.execute(("chmod 400 '%s'"):format(key_filename));
show_message("Key written to ".. key_filename);
+ pposix.umask(old_umask);
return nil, key_filename;
end
show_message("There was a problem, see OpenSSL output");