author | Andrew White <pixeltrix@users.noreply.github.com> | 2018-04-19 14:09:21 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-04-19 14:09:21 +0100 |
commit | 1a32e058a3a9b5f2e7b2930e1177de2f23aa8555 (patch) | |
tree | ae216f1a7f832ae8a14f380f21b647d66c7717da /railties | |
parent | 9cfbcce8ad134b1b3153d4a4d08207bf1e3d0598 (diff) | |
parent | 4c6c3575c66ce10043c9ea04023788890a228de8 (diff) | |
download | rails-1a32e058a3a9b5f2e7b2930e1177de2f23aa8555.tar.gz rails-1a32e058a3a9b5f2e7b2930e1177de2f23aa8555.tar.bz2 rails-1a32e058a3a9b5f2e7b2930e1177de2f23aa8555.zip |
Merge pull request #32627 from jlduran/make-master-key-readable-only-by-owner
Make the master.key readable only by the owner
Diffstat (limited to 'railties')
-rw-r--r-- | railties/CHANGELOG.md | 17 | ||||
-rw-r--r-- | railties/lib/rails/generators/rails/encryption_key_file/encryption_key_file_generator.rb | 1 | ||||
-rw-r--r-- | railties/test/generators/app_generator_test.rb | 9 |
3 files changed, 27 insertions, 0 deletions
diff --git a/railties/CHANGELOG.md b/railties/CHANGELOG.md index 071a649956..a4d4a87a8b 100644 --- a/railties/CHANGELOG.md +++ b/railties/CHANGELOG.md @@ -1,3 +1,20 @@ +* Make the master.key file read-only for the owner upon generation on + POSIX-compliant systems. + + Previously: + + $ ls -l config/master.key + -rw-r--r-- 1 owner group 32 Jan 1 00:00 master.key + + Now: + + $ ls -l config/master.key + -rw------- 1 owner group 32 Jan 1 00:00 master.key + + Fixes #32604. + + *Jose Luis Duran* + * Deprecate support for using the `HOST` environment to specify the server IP. The `BINDING` environment should be used instead. diff --git a/railties/lib/rails/generators/rails/encryption_key_file/encryption_key_file_generator.rb b/railties/lib/rails/generators/rails/encryption_key_file/encryption_key_file_generator.rb index 90068c678d..e2359e9ded 100644 --- a/railties/lib/rails/generators/rails/encryption_key_file/encryption_key_file_generator.rb +++ b/railties/lib/rails/generators/rails/encryption_key_file/encryption_key_file_generator.rb @@ -27,6 +27,7 @@ module Rails def add_key_file_silently(key_path, key = nil) create_file key_path, key || ActiveSupport::EncryptedFile.generate_key + key_path.chmod 0600 end def ignore_key_file(key_path, ignore: key_ignore(key_path)) diff --git a/railties/test/generators/app_generator_test.rb b/railties/test/generators/app_generator_test.rb index 294fdcd6a1..c3809a912b 100644 --- a/railties/test/generators/app_generator_test.rb +++ b/railties/test/generators/app_generator_test.rb @@ -941,6 +941,15 @@ class AppGeneratorTest < Rails::Generators::TestCase assert_directory("test/system") end + unless Gem.win_platform? + def test_master_key_is_only_readable_by_the_owner + run_generator + + stat = File.stat("config/master.key") + assert_equal "100600", sprintf("%o", stat.mode) + end + end + private def stub_rails_application(root) Rails.application.config.root = root |
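Review bot: In `add_key_file_silently`, the key is written by `create_file` with whatever mode the process umask yields and only then tightened by `key_path.chmod 0600`, so the secret is briefly readable by other local users on a shared host, and stays readable if the chmod raises. Creating the file with the restrictive mode from the start closes that window, e.g. `create_file key_path, key || ActiveSupport::EncryptedFile.generate_key, perm: 0600`, if the Thor version in use accepts `perm:` on `create_file`. The new call also assumes `key_path` is a `Pathname` (a `String` has no `chmod`) and that the file exists afterwards, which may not hold in a pretend run; the callers are outside the hunk, so both should be confirmed. A short comment such as `# master.key decrypts the app credentials; keep it owner-only` would record why the mode matters.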
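Review bot: The assertion in `test_master_key_is_only_readable_by_the_owner` compares the whole `st_mode` as the string `"100600"`, which mixes the file-type bits into a permissions check; `assert_equal 0o600, stat.mode & 0o777` states the intent directly and gives a clearer failure message. The test covers only the default `run_generator` path and inspects the mode after generation has finished, so it would not notice a key that is world-readable for a moment before the chmod, and key files written with a caller-supplied key or another path are presumably not exercised here. The enclosing `AppGeneratorTest` class starts and ends outside the hunk.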