Launchpadlib support in Ubuntu Developer Tools
cjwatson at ubuntu.com
Thu Jan 15 00:23:13 GMT 2009
On Wed, Jan 14, 2009 at 11:18:35AM -0800, Kees Cook wrote:
> On Wed, Jan 14, 2009 at 10:58:58AM -0800, Kees Cook wrote:
> > Please make sure that the tool that creates the credentials stores them in
> > a mode 0600 file. The API examples do not mention this, and I think
> > it's an important bit of protection.
> > While playing with lplib for security team work, I took this a step
> > further and even make the directory unreadable. e.g.:
> er, I missed a rather important last line. Re-paste:
> cachedir = os.path.expanduser('~/.launchpadlib/cache')
> if not os.path.exists(cachedir):
> credfile = os.path.expanduser('~/.launchpadlib/credentials')
> credentials = Credentials()
> launchpad = Launchpad(credentials, EDGE_SERVICE_ROOT, cachedir)
> launchpad = Launchpad.get_token_and_login(sys.argv, EDGE_SERVICE_ROOT, cachedir)
Isn't the third argument to Python's open() the buffer size, not the
file mode? That's what the documentation says, anyway.
$ python -c 'open("pyopentest", "w", 0600).close()'; ls -l pyopentest
-rw-r--r-- 1 cjwatson cjwatson 0 2009-01-15 00:19 pyopentest
I think you need:
launchpad = Launchpad.get_token_and_login(sys.argv, EDGE_SERVICE_ROOT, cachedir)
credfd = open(credfile, "w")
Python didn't have fchmod until 2.6 so this is a little awkward, but it
does the job.
(Thanks for the note about making the file non-world-readable, though;
I'd forgotten it entirely in a launchpadlib application I maintain.
Colin Watson [cjwatson at ubuntu.com]
More information about the ubuntu-devel