gh-122: Ensure files in /var/run/one-context/ have 0400 permissions

Closes #122
6 years ago · fc8535e4d8
parent 71ed25b578
commit fc8535e4d8
2 changed files with 4 additions and 1 deletions
--- a/src/etc/one-context.d/loc-16-gen-env
+++ b/src/etc/one-context.d/loc-16-gen-env
@ -8,6 +8,7 @@ if [ -n "$ONEGATE_TOKEN" ]; then
    TOKENTXT="$ONEGATE_TOKEN"
 fi

+umask 0377
 echo "export TOKENTXT=\"$TOKENTXT\"" > $ENV_FILE
 echo "export VMID=\"$VMID\"" >> $ENV_FILE
 echo "export ONEGATE_ENDPOINT=\"$ONEGATE_ENDPOINT\"" >> $ENV_FILE
@ -28,5 +29,5 @@ function export_rc_vars
 export_rc_vars ${CONTEXT_FILE}

 chown root:root $ENV_FILE
-chmod a+r $ENV_FILE
+chmod 0400 $ENV_FILE

--- a/src/usr/sbin/one-contextd
+++ b/src/usr/sbin/one-contextd
@ -181,6 +181,8 @@ function get_new_context {
        log err 'Error: No contextualization found' 2
        exit 1
    fi
+
+    chmod 0400 "${CONTEXT_NEW}"
 }

 function check_context {