Merge branch 'master' into security
[dak.git] / daklib / queue.py
index 40960b9040e297cd2c10953e5015389ba297caa4..813782e23ef38e0dfc7c35818eba74d3f00a37c2 100755 (executable)
@@ -217,12 +217,21 @@ class Upload:
         dump_filename = os.path.join(dest_dir,self.pkg.changes_file[:-8] + ".dak")
         dump_file = utils.open_file(dump_filename, 'w')
         try:
-            os.chmod(dump_filename, 0660)
+            os.chmod(dump_filename, 0664)
         except OSError, e:
+            # chmod may fail when the dumpfile is not owned by the user
+            # invoking dak (like e.g. when NEW is processed by a member
+            # of ftpteam)
             if errno.errorcode[e.errno] == 'EPERM':
                 perms = stat.S_IMODE(os.stat(dump_filename)[stat.ST_MODE])
-                if perms & stat.S_IROTH:
-                    utils.fubar("%s is world readable and chmod failed." % (dump_filename))
+                # security precaution, should never happen unless a weird
+                # umask is set anywhere
+                if perms & stat.S_IWOTH:
+                    utils.fubar("%s is world writable and chmod failed." % \
+                        (dump_filename,))
+                # ignore the failed chmod otherwise as the file should
+                # already have the right privileges and is just, at worst,
+                # unreadable for world
             else:
                 raise
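Review bot: The permission check on the EPERM path reads the mode with `os.stat(dump_filename)`, and the `os.chmod` above it also goes by path, although `utils.open_file` has already opened the file just before the `try`. If the destination directory is writable by anyone else, the path may no longer name the file being written by the time the check runs. Checking the open handle ties the result to the actual dump file: `perms = stat.S_IMODE(os.fstat(dump_file.fileno())[stat.ST_MODE])`, and likewise `os.fchmod(dump_file.fileno(), 0664)` where the Python version in use provides it; this assumes `utils.open_file` returns an ordinary file object, which the hunk does not show. Separately, `errno.errorcode[e.errno] == 'EPERM'` raises KeyError for an errno missing from the table and so masks the original OSError; `e.errno == errno.EPERM` is the direct test. The enclosing method starts and ends outside the hunk.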