From 34bbbf9ae392e67c2f8bc27e93b2e8d6f2eac369 Mon Sep 17 00:00:00 2001
From: Valentin Vidic <Valentin.Vidic@CARNet.hr>
Date: Fri, 24 Apr 2009 15:39:17 +0200
Subject: [PATCH] Make upgrade logs readable by root only.

---
 src/cn-upgrade   |    8 ++++++++
 src/functions.sh |    9 ++++++++-
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/src/cn-upgrade b/src/cn-upgrade
index 4c53764..6abb546 100755
--- a/src/cn-upgrade
+++ b/src/cn-upgrade
@@ -6,8 +6,16 @@ version="%PKG_VERSION%"
 
 # restart upgrade under script for logging purposes
 if [ "$1" == "--no-script" ]; then
+    # restore umask to default
+    umask 0022
+
     shift
 elif [ -x /usr/bin/script ]; then
+    # make logs safe
+    umask 0077
+    chmod og= /var/log/carnet-upgrade.* 2>/dev/null
+
+    # restart through script
     exec /usr/bin/script -a -t -f -c "$0 --no-script $@" \
          /var/log/carnet-upgrade.typescript 2>>/var/log/carnet-upgrade.timing
 fi
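Review bot: The `--no-script` branch hard-codes `umask 0022` as the "default", so a stricter umask set by the administrator (for example 0027) is loosened for every file the upgrade creates afterwards. The original value is lost because `umask 0077` is set before the `exec`, and the re-executed process only inherits 0077. Saving it across the exec would keep the caller's setting: `CN_OLD_UMASK=$(umask); export CN_OLD_UMASK` just before `umask 0077`, and `umask "${CN_OLD_UMASK:-0022}"` in the first branch (the variable name is only a suggestion). Separately, `2>/dev/null` on the `chmod og=` line hides real failures as well as the expected "no such file" case, so a log that stays world-readable would go unnoticed.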
diff --git a/src/functions.sh b/src/functions.sh
index de8f4f9..466e770 100644
--- a/src/functions.sh
+++ b/src/functions.sh
@@ -22,10 +22,17 @@ pkg() {
 }
 
 log() {
+  local old_umask
   logfile=${logfile:=/var/log/carnet-upgrade.log}
-  touch $logfile
+
+  old_umask=$(umask)
+  umask 0077
+
   echo "$(date +'%Y-%m-%d %H:%M:%S') $*" >> $logfile
   echo "CN: $*"
+
+  umask $old_umask
+  chmod og= $logfile
 }
 
 # find first free uid/gid in range
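Review bot: The added `chmod og= $logfile` runs unquoted, as root, on every `log` call against whatever `logfile` holds, and `logfile` can be preset by the caller through the `${logfile:=...}` default. If any caller points it at a device or a symlink (for instance `/dev/null` to silence logging), that target's permissions would be stripped; whether such callers exist is not visible in this hunk. As the last command, the chmod also decides the return status of `log`. I would guard and quote it, `if [ -f "$logfile" ] && [ ! -L "$logfile" ]; then chmod og= "$logfile"; fi`, and quote the other new and touched expansions too: `umask "$old_umask"` and `>> "$logfile"`.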
-- 
1.7.10.4