From fddec92b8ea39515ff19be1117fcacb32944ab72 Mon Sep 17 00:00:00 2001
From: Scott Moser
Date: Fri, 29 Jan 2010 13:05:06 -0500
Subject: tighten permissions on cloud-config and user-data to protect it
---
ec2init/__init__.py | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
(limited to 'ec2init/__init__.py')
diff --git a/ec2init/__init__.py b/ec2init/__init__.py
index 918b9280..76aa34f0 100644
--- a/ec2init/__init__.py
+++ b/ec2init/__init__.py
@@ -147,8 +147,8 @@ class EC2Init:
 self.store_userdata()
 def store_userdata(self):
- util.write_file(userdata_raw, self.datasource.get_userdata_raw(), 0644)
- util.write_file(userdata, self.datasource.get_userdata(), 0644)
+ util.write_file(userdata_raw, self.datasource.get_userdata_raw(), 0600)
+ util.write_file(userdata, self.datasource.get_userdata(), 0600)
 def initctl_emit(self):
 subprocess.Popen(['initctl', 'emit', 'cloud-config',
@@ -283,9 +283,7 @@ class EC2Init:
 self.cloud_config_str=""
 return
 if ctype == "__end__":
- f=open(cloud_config, "wb")
- f.write(self.cloud_config_str)
- f.close()
+ util.write_file(cloud_config, self.cloud_config_str, 0600)
 ## this could merge the cloud config with the system config
 ## for now, not doing this as it seems somewhat circular
-- cgit v1.2.3
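Review bot: The 0600 argument in `store_userdata` (and in the `cloud_config` write in the second hunk) only protects the data if `util.write_file` applies the mode to files that already exist and does so before any content is written; that helper is not visible here, so this needs confirming. On an instance where an earlier version already created these files as 0644, a helper that passes the mode only at creation would leave them world-readable. Inside the helper, creating the file with `os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)` and then calling `os.fchmod(fd, mode)` would cover both cases. A short comment such as `# user-data can carry secrets: owner-only` above the two calls would record why the mode matters. If the datasource is the EC2 metadata service, local users may still be able to fetch the same user-data over HTTP, so the file mode is only part of the protection.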
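Review bot: The literal `0600` now appears in three `util.write_file` calls across both hunks, so a later edit to one call can silently reintroduce a world-readable file; a module-level name such as `SENSITIVE_FILE_MODE = 0600`, used at all three sites, would keep the policy in one documented place. The removed code opened `cloud_config` with `"wb"` explicitly, while the new call relies on whatever open mode `util.write_file` defaults to, which is not visible here and is worth confirming. The enclosing method starts and ends outside this hunk.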