diff web/secure.py @ 525:8559078a82ff

Fix race setting umask
author Matt Johnston <matt@ucc.asn.au>
date Sat, 28 Feb 2015 00:14:02 +0800
parents ad846b9bdd10
children f7261dd970da
line wrap: on
line diff
--- a/web/secure.py	Thu Jan 29 22:55:24 2015 +0800
+++ b/web/secure.py	Sat Feb 28 00:14:02 2015 +0800
@@ -56,11 +56,10 @@
 def setup_csrf():
     NONCE_SIZE=16
     global _csrf_fd, _csrf_key
-    _csrf_fd = open('%s/csrf.dat' % config.DATA_PATH, 'r+')
+    _csrf_fd = os.fdopen(os.open('%s/csrf.dat' % config.DATA_PATH, os.O_RDWR | os.O_CREAT, 0600), 'r+')
 
     try:
         fcntl.lockf(_csrf_fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
-        os.fchmod(_csrf_fd.fileno(), 0600)
         _csrf_fd.write("%d-%s" % (os.getpid(), binascii.hexlify(os.urandom(NONCE_SIZE))))
         _csrf_fd.flush()
         _csrf_fd.seek(0)