[Bug 1382632] Re: Insecure key file permissions

[Björn Tillenius]

I don't think the ordering of the package installs are important. They
run the same command. The problem seem to be that the code that creates
the secret key doesn't create it with the right permissions. The current
code in horizon/utils/secret_key.py does this:

            old_umask = os.umask(0o177)  # Use '0600' file permissions
            with open(key_file, 'w') as f:
                f.write(key)
            os.umask(old_umask)

That doesn't work on the systems we're installing to. It works if I
change the code to:

            with open(key_file, 'w') as f:
                os.chmod(key_file, 0o600)
                f.write(key)

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to horizon in Ubuntu.
https://bugs.launchpad.net/bugs/1382632

Title:
  Insecure key file permissions

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/horizon/+bug/1382632/+subscriptions