From 71afd6ed05d5173469f17fb65f52a998bc5f2de1 Mon Sep 17 00:00:00 2001 From: "Piotr F. Mieszkowski" Date: Tue, 26 Apr 2022 18:41:33 +0200 Subject: [PATCH] [GnuPG.confirm_key] Set 700 mode for temp. key home --- GnuPG/__init__.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/GnuPG/__init__.py b/GnuPG/__init__.py index 3a79897..19adc19 100644 --- a/GnuPG/__init__.py +++ b/GnuPG/__init__.py @@ -82,7 +82,8 @@ def confirm_key( content, email ): if not os.path.exists(tmpkeyhome): break - os.mkdir(tmpkeyhome) + # let only the owner access the directory, otherwise gpg would complain + os.mkdir(tmpkeyhome, mode=0o700) localized_env = os.environ.copy() localized_env["LANG"] = "C" p = subprocess.Popen( build_command(tmpkeyhome, '--import', '--batch'), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, env=localized_env )