From 168b6b98479e50e8cbce07332670db3b1b0a1b52 Mon Sep 17 00:00:00 2001
From: Joey Hess <joey@kodama.kitenet.net>
Date: Mon, 5 Nov 2007 19:18:30 -0500
Subject: fix .metadata file perms after initial creation too

---
 pre-commit.d/10store-metadata | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'pre-commit.d/10store-metadata')

diff --git a/pre-commit.d/10store-metadata b/pre-commit.d/10store-metadata
index 7958888..b878abd 100755
--- a/pre-commit.d/10store-metadata
+++ b/pre-commit.d/10store-metadata
@@ -1,11 +1,13 @@
 #!/bin/sh
 set -e
 
+# Make sure the file is not readable by others, since it can leak
+# information about contents of non-readable directories in /etc.
+umask 077
+
 # ensure the file exists so that it will list its own metadata
 if [ ! -e .metadata ]; then
 	metastore --save
-	# the file could leak hidden dir contents..
-	chmod 600 .metadata
 fi
 
 # metastore doesn't produce the same output file for the same metadata
-- 
cgit v1.2.3