Make installer.log non-readable by non-root users

Doesn't have any sensitive info right now but might in the future. Fixes #142
2025-12-18 21:54:05 +08:00 · 2019-05-19 23:19:21 -07:00
parent f5ecce77a1
commit 8ec3fab3f3
2 changed files with 11 additions and 1 deletions
--- a/bootstrap/bootstrap.py
+++ b/bootstrap/bootstrap.py
@@ -97,7 +97,11 @@ def main():

    # Set up logging to print to a file and to stderr
    os.makedirs(install_prefix, exist_ok=True)
-    file_logger = logging.FileHandler(os.path.join(install_prefix, 'installer.log'))
+    file_logger_path = os.path.join(install_prefix, 'installer.log')
+    file_logger = logging.FileHandler(file_logger_path)
+    # installer.log should be readable only by root
+    os.chmod(file_logger_path, 0o500)
+
    file_logger.setFormatter(logging.Formatter('%(asctime)s %(message)s'))
    file_logger.setLevel(logging.DEBUG)
    logger.addHandler(file_logger)
--- a/integration-tests/test_install.py
+++ b/integration-tests/test_install.py
@@ -117,6 +117,12 @@ def test_admin_writable():
    permissions_test(ADMIN_GROUP, sys.prefix, writable=True, dirs_only=True)


+def test_installer_log_readable():
+    # Test that installer.log is owned by root, and not readable by anyone else
+    file_stat = os.stat('/opt/tljh/installer.log')
+    assert file_stat.st_uid == 0
+    assert file_stat.st_mode == 0o100500
+
@pytest.mark.parametrize("group", [ADMIN_GROUP, USER_GROUP])
 def test_user_env_readable(group):
    # every file in user env should be readable by everyone