From af309d4d5cb3bfd17ebf2eaeb3c1bda09e432448 Mon Sep 17 00:00:00 2001 From: Christian Ebner Date: Mon, 27 May 2019 14:16:13 +0200 Subject: [PATCH] src/bin/pxar.rs: set archive permissions to 0o640 As the archive can contain potentially sensitive data such as key files, it makes sense to restrict the permissions. Signed-off-by: Christian Ebner --- src/bin/pxar.rs | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/bin/pxar.rs b/src/bin/pxar.rs index e5184bc7..0ed66ab8 100644 --- a/src/bin/pxar.rs +++ b/src/bin/pxar.rs @@ -11,6 +11,8 @@ use serde_json::{Value}; use std::io::Write; use std::path::{Path, PathBuf}; +use std::fs::OpenOptions; +use std::os::unix::fs::OpenOptionsExt; use proxmox_backup::pxar; @@ -119,9 +121,10 @@ fn create_archive( let mut dir = nix::dir::Dir::open( &source, nix::fcntl::OFlag::O_NOFOLLOW, nix::sys::stat::Mode::empty())?; - let file = std::fs::OpenOptions::new() + let file = OpenOptions::new() .create_new(true) .write(true) + .mode(0o640) .open(archive)?; let mut writer = std::io::BufWriter::with_capacity(1024*1024, file);