util: os: Create files and dirs with 0o700

Signed-off-by: John Andersen <[email protected]>

Author: pdxjohnny

dffml/service/dev.py

@@ -18,7 +18,7 @@
 from pathlib import Path
 
 from ..base import BaseConfig
-from ..util.os import chdir
+from ..util.os import chdir, MODE_BITS_SECURE
 from ..version import VERSION
 from ..util.skel import Skel, SkelTemplateConfig
 from ..util.cli.arg import Arg
@@ -429,7 +429,7 @@ async def run(self):
             with tempfile.TemporaryDirectory() as tempdir:
                 # The directory where the fresh copy will live
                 clean_dir = pathlib.Path(tempdir, "clean")
-                clean_dir.mkdir()
+                clean_dir.mkdir(mode=MODE_BITS_SECURE)
                 archive_file = pathlib.Path(tempdir, "archive.tar")
                 # Create the archive
                 with open(archive_file, "wb") as archive:

dffml/util/os.py

@@ -2,6 +2,11 @@
 import contextlib
 
 
+# When creating files or directories we should always default to only allowing
+# the user to access or edit the files or directories.
+MODE_BITS_SECURE = 0o700
+
+
 @contextlib.contextmanager
 def chdir(new_path):
     """