[Yum-devel] [PATCH 1/2] make sure history dbs are readable only by root - suggested by Josh Bressers

James Antill james at fedoraproject.org
Wed Dec 9 21:15:18 UTC 2009


On Wed, 2009-12-09 at 13:18 -0500, Seth Vidal wrote:
> ---
>  yum/history.py |    6 ++++++
>  1 files changed, 6 insertions(+), 0 deletions(-)
> 
> diff --git a/yum/history.py b/yum/history.py
> index 095c76b..5a1c5e0 100644
> --- a/yum/history.py
> +++ b/yum/history.py
> @@ -620,6 +620,12 @@ class YumHistory:
>          if self._db_file == _db_file:
>              os.rename(_db_file, _db_file + '.old')
>          self._db_file = _db_file
> +        
> +        if self.conf.writable and not os.path.exists(self._db_file):
> +            # make them default to 0600 - sysadmin can change it later
> +            # if they want
> +            fo = os.open(self._db_file, os.O_CREAT, 0600)
> +            os.close(fo)

 ACK, it's ugly as smeg but I can't think of a better way.



More information about the Yum-devel mailing list