From 772d617b73f45547eeb466cfddaecdebf8158a70 Mon Sep 17 00:00:00 2001
From: lars
Date: Thu, 25 Jan 2007 23:14:08 +0000
Subject: [PATCH] chmod to secret certificate file to 0600
---
 plugins/encrypted_webinterface/encrypted_webinterface.py | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/plugins/encrypted_webinterface/encrypted_webinterface.py b/plugins/encrypted_webinterface/encrypted_webinterface.py
index 78870c0..2dd6418 100644
--- a/plugins/encrypted_webinterface/encrypted_webinterface.py
+++ b/plugins/encrypted_webinterface/encrypted_webinterface.py
@@ -125,6 +125,13 @@ class encrypted_webinterface(cryptobox.plugins.base.CryptoBoxPlugin):
 self.cbox.prefs.create_misc_config_file(CERT_FILENAME, cert)
 self.cbox.log.info("Created new SSL certificate: %s" % \
 cert_abs_name)
+ ## make it non-readable for other users
+ try:
+ os.chmod(cert_abs_name, 0600)
+ except OSError, err_msg:
+ self.cbox.log.warn("Failed to change permissions of secret " \
+ + "certificate file (%s): %s" % \
+ (cert_abs_name, err_msg))
 except IOError, err_msg:
 ## do not run stunnel without a certificate
 self.cbox.log.warn("Failed to create new SSL certificate (%s): %s" \
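Review bot: The `os.chmod(cert_abs_name, 0600)` call runs only after `create_misc_config_file(CERT_FILENAME, cert)` has already written the file, so between the two calls the certificate exists with whatever mode that helper gives it (not visible in this hunk, presumably umask-dependent) and may be readable by other local users. Restricting the mode at creation time closes that window, e.g. `old_umask = os.umask(0077)` before the create call and `os.umask(old_umask)` in a `finally:`; the chmod can stay as a second line of defence. The `except OSError` branch only logs a warning and execution continues, so stunnel may still be started with a certificate file that others can read; consider handling that failure like the `IOError` branch below, whose comment says stunnel must not run without a certificate. Whether `os` is imported is not visible here, and the enclosing method starts and ends outside the hunk.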