From e00e5d2b501a0d2727ea84fb1ea3e597e1e37ee4 Mon Sep 17 00:00:00 2001
From: elijah <elijah@riseup.net>
Date: Mon, 29 Jul 2013 20:38:58 -0700
Subject: security fix - don't allow leap_cli created files to be world/group
 readable.

---
 lib/leap_cli/config/macros.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'lib/leap_cli/config')

diff --git a/lib/leap_cli/config/macros.rb b/lib/leap_cli/config/macros.rb
index b5f6a34..ef3a85e 100644
--- a/lib/leap_cli/config/macros.rb
+++ b/lib/leap_cli/config/macros.rb
@@ -97,8 +97,8 @@ module LeapCli; module Config
           # if file is under Path.provider_base, we must copy the default file to
           # to Path.provider in order for rsync to be able to sync the file.
           local_provider_path = actual_path.sub(/^#{Regexp.escape(Path.provider_base)}/, Path.provider)
-          FileUtils.mkdir_p File.dirname(local_provider_path)
-          FileUtils.cp_r actual_path, local_provider_path
+          FileUtils.mkdir_p File.dirname(local_provider_path), :mode => 0700
+          FileUtils.install actual_path, local_provider_path, :mode => 0600
           Util.log :created, Path.relative_path(local_provider_path)
           actual_path = local_provider_path
         end
-- 
cgit v1.2.3