[Yum-devel] [PATCH 1/2] make sure history dbs are readable only by root - suggested by Josh Bressers

Seth Vidal skvidal at fedoraproject.org
Wed Dec 9 21:20:44 UTC 2009



On Wed, 9 Dec 2009, James Antill wrote:

> On Wed, 2009-12-09 at 13:18 -0500, Seth Vidal wrote:
>> ---
>>  yum/history.py |    6 ++++++
>>  1 files changed, 6 insertions(+), 0 deletions(-)
>>
>> diff --git a/yum/history.py b/yum/history.py
>> index 095c76b..5a1c5e0 100644
>> --- a/yum/history.py
>> +++ b/yum/history.py
>> @@ -620,6 +620,12 @@ class YumHistory:
>>          if self._db_file == _db_file:
>>              os.rename(_db_file, _db_file + '.old')
>>          self._db_file = _db_file
>> +
>> +        if self.conf.writable and not os.path.exists(self._db_file):
>> +            # make them default to 0600 - sysadmin can change it later
>> +            # if they want
>> +            fo = os.open(self._db_file, os.O_CREAT, 0600)
>> +            os.close(fo)
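Review bot: The "not os.path.exists(self._db_file)" guard means only a newly created history file gets 0600; a database that already exists with wider permissions is left untouched, and so is the file renamed to '.old' in the context lines just above, so the change covers less than the subject line promises. Consider tightening pre-existing files once (or documenting that the admin must), so the "sysadmin can change it later" intent in the comment still holds. Separately, the exists() test followed by os.open(..., os.O_CREAT, 0600) is a check-then-create sequence: if the file appears in between, it is opened with whatever mode it already has. Passing os.O_CREAT | os.O_EXCL would make the creation atomic and fail instead of silently reusing that file.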
>
> ACK, it's ugly as smeg but I can't think of a better way.
>

sqlite3.connect() doesn't give us crap. I could set the environ umask to 
get around it but that feels uglier somehow.

-sv


