From 0d018c22f9470623bee61a05859d5b02fe9251d9 Mon Sep 17 00:00:00 2001
From: Kim Alvefur
Date: Wed, 19 Sep 2012 23:26:38 +0200
Subject: prosodyctl: Set stricter umask while generating key (thanks darkrain)
---
 prosodyctl | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'prosodyctl')
diff --git a/prosodyctl b/prosodyctl
index 12117c0f..93eac3f2 100755
--- a/prosodyctl
+++ b/prosodyctl
@@ -686,11 +686,13 @@ function cert_commands.key(arg)
 if ask_overwrite(key_filename) then
 return nil, key_filename;
 end
- os.remove(key_filename); -- We chmod this file to not have write permissions
+ os.remove(key_filename); -- This file, if it exists is unlikely to have write permissions
 local key_size = tonumber(arg[2] or show_prompt("Choose key size (2048):") or 2048);
+ local old_umask = pposix.umask("0377");
 if openssl.genrsa{out=key_filename, key_size} then
 os.execute(("chmod 400 '%s'"):format(key_filename));
 show_message("Key written to ".. key_filename);
+ pposix.umask(old_umask);
 return nil, key_filename;
 end
 show_message("There was a problem, see OpenSSL output");
-- cgit v1.2.3
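Review bot: The umask set by `pposix.umask("0377")` is restored only inside the success branch, so when `openssl.genrsa` fails the code falls through to the "There was a problem" message with the process umask still at 0377, and any file it creates afterwards inherits owner-read-only permissions. Restoring immediately after the call covers both paths: `local ok = openssl.genrsa{out=key_filename, key_size};` then `pposix.umask(old_umask);` then `if ok then`. Separately, the unchanged `chmod 400 '%s'` line passes key_filename to a shell inside single quotes; where that name comes from is outside the hunk, but if it can contain a quote character the call should be replaced or such names rejected. cert_commands.key starts and ends outside the hunk.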