Add patch that detects and corrects unsafe permissions on ~/.nut-monitor left over from old installations during NUT-Monitor startup. (Closes: #777706)

This commit is contained in:
Michael Fincham 2015-02-13 11:39:10 +13:00 committed by Laurent Bigonville
parent 241119d464
commit 1563b485dc
4 changed files with 90 additions and 1 deletions

13
debian/NEWS vendored
View file

@ -1,3 +1,16 @@
nut (2.7.2-2) unstable; urgency=medium
Since version 1.2 NUT-Monitor uses safer directory permissions when
creating ~/.nut-monitor.
NUT-Monitor will now detect a pre-1.2 settings directory on startup
and update its permissions.
Please note that passwords stored in NUT-Monitor prior to this change
may have been exposed, and it is recommended that they be reset.
-- Michael Fincham <michael.fincham@catalyst.net.nz> Fri, 13 Feb 2015 11:57:12 +1300
nut (2.6.5-1) experimental; urgency=low nut (2.6.5-1) experimental; urgency=low
mge-shut driver has been replaced by a new implementation (newmge-shut). mge-shut driver has been replaced by a new implementation (newmge-shut).

8
debian/changelog vendored
View file

@ -1,5 +1,6 @@
nut (2.7.2-2) UNRELEASED; urgency=medium nut (2.7.2-2) UNRELEASED; urgency=medium
[ Laurent Bigonville ]
* debian/gbp.conf: Switch to debian-jessie branch * debian/gbp.conf: Switch to debian-jessie branch
* debian/rules: Revert the changes made in the previous NMU, I don't think * debian/rules: Revert the changes made in the previous NMU, I don't think
that dropping the .service file that late in the release cycle is a good that dropping the .service file that late in the release cycle is a good
@ -7,7 +8,12 @@ nut (2.7.2-2) UNRELEASED; urgency=medium
* Add wrappers that check the MODE in /etc/nut/nut.conf to avoid starting * Add wrappers that check the MODE in /etc/nut/nut.conf to avoid starting
the daemons if nut is not configured (Closes: #747863). the daemons if nut is not configured (Closes: #747863).
-- Laurent Bigonville <bigon@debian.org> Sun, 25 Jan 2015 12:53:03 +0100 [ Michael Fincham ]
* Add patch that detects and corrects unsafe permissions on ~/.nut-monitor
left over from old installations during NUT-Monitor startup.
(Closes: #777706)
-- Michael Fincham <michael.fincham@catalyst.net.nz> Fri, 13 Feb 2015 11:39:10 +1300
nut (2.7.2-1.1) unstable; urgency=medium nut (2.7.2-1.1) unstable; urgency=medium

View file

@ -0,0 +1,69 @@
If a ~/.nut-monitor directory is found with insecure permissions, change them to 0700.
--- a/scripts/python/app/NUT-Monitor
+++ b/scripts/python/app/NUT-Monitor
@@ -29,6 +29,7 @@
import sys
import base64
import os, os.path
+import stat
import platform
import time
import threading
@@ -44,21 +45,23 @@
class interface :
- __widgets = {}
- __callbacks = {}
- __favorites = {}
- __favorites_file = None
- __favorites_path = ""
- __fav_menu_items = list()
- __window_visible = True
- __glade_file = None
- __connected = False
- __ups_handler = None
- __ups_commands = None
- __ups_vars = None
- __ups_rw_vars = None
- __gui_thread = None
- __current_ups = None
+ DESIRED_FAVORITES_DIRECTORY_MODE = 0700
+
+ __widgets = {}
+ __callbacks = {}
+ __favorites = {}
+ __favorites_file = None
+ __favorites_path = ""
+ __fav_menu_items = list()
+ __window_visible = True
+ __glade_file = None
+ __connected = False
+ __ups_handler = None
+ __ups_commands = None
+ __ups_vars = None
+ __ups_rw_vars = None
+ __gui_thread = None
+ __current_ups = None
def __init__( self ) :
@@ -528,6 +531,9 @@
return
try :
+ if ( not stat.S_IMODE( os.stat( self.__favorites_path ).st_mode ) == self.DESIRED_FAVORITES_DIRECTORY_MODE ) : # unsafe pre-1.2 directory found
+ os.chmod( self.__favorites_path, self.DESIRED_FAVORITES_DIRECTORY_MODE )
+
conf = ConfigParser.ConfigParser()
conf.read( self.__favorites_file )
for current in conf.sections() :
@@ -573,7 +579,7 @@
# If path does not exists, try to create it
if ( not os.path.exists( self.__favorites_file ) ) :
try :
- os.makedirs( self.__favorites_path, mode=0700 )
+ os.makedirs( self.__favorites_path, mode=self.DESIRED_FAVORITES_DIRECTORY_MODE )
except :
self.gui_status_message( _("Error while creating configuration folder (%s)") % sys.exc_info()[1] )

View file

@ -4,3 +4,4 @@
0006-ups-conf-maxretry.patch 0006-ups-conf-maxretry.patch
0007-killpower-path.patch 0007-killpower-path.patch
0008-drop-w3c-icons.patch 0008-drop-w3c-icons.patch
0009-fix-favorites-permissions.patch