sbidy / MacroMilter

This Python-based milter (mail filter) checks incoming mail for suspicious VBA macro code in MS 20xx Office attachments (doc, xls, ppt ...).
MIT License

Ensure logfile and hashtable are not world readable #27

Closed robert-scheck closed 6 years ago

robert-scheck commented 6 years ago

From my point of view, #18 is not fixed by 0a2d6d8, given that os.makedirs(LOGFILE_DIR,0o0750) only works if MacroMilter is started as root but not when MacroMilter is started as a non-privileged user, e.g. postfix, because that user is by default unable to create a directory in /var/log/ anyway. Thus this patch suggests changing the process' umask in general to avoid world-readable files.
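The effect described in the comment above, as an added example that is not part of the original thread or of MacroMilter's code: it creates a directory and two files under a given umask and reports which of them end up accessible to "other". The file names and the umask value 0o027 are assumptions chosen for illustration; the thread does not state which value the patch uses.

```python
import os
import stat
import tempfile

# Hypothetical names standing in for MacroMilter's logfile and hashtable.
SAMPLE_FILES = ("macromilter.log", "hashtable.db")


def create_with_umask(mask):
    """Create a directory plus the sample files under `mask`.

    Returns {name: permission bits} for the directory ("log") and each file.
    """
    old = os.umask(mask)
    try:
        with tempfile.TemporaryDirectory() as base:
            workdir = os.path.join(base, "log")
            # The mode argument only applies to directories makedirs creates
            # itself, and it is still filtered through the process umask.
            os.makedirs(workdir, 0o750)
            modes = {"log": stat.S_IMODE(os.stat(workdir).st_mode)}
            for name in SAMPLE_FILES:
                path = os.path.join(workdir, name)
                # open() requests 0o666; only the umask removes bits from it.
                with open(path, "a"):
                    pass
                modes[name] = stat.S_IMODE(os.stat(path).st_mode)
            return modes
    finally:
        os.umask(old)  # restore the caller's umask


def world_accessible(modes):
    """Names whose mode grants any permission to 'other'."""
    return sorted(n for n, m in modes.items() if m & stat.S_IRWXO)


if __name__ == "__main__":
    for mask in (0o022, 0o027):  # common default vs. assumed hardened value
        modes = create_with_umask(mask)
        print("umask %04o:" % mask,
              {n: "%04o" % m for n, m in modes.items()},
              "world-accessible:", world_accessible(modes))
```

Because the umask applies to every file the process creates, it covers files written into a directory that already existed or was created by someone else, which the mode argument to os.makedirs cannot do.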

sbidy commented 6 years ago

I'll check this and commit the change