author | Jose Luis Duran <jlduran@users.noreply.github.com> | 2018-04-18 18:29:27 -0300 |
---|---|---|
committer | Jose Luis Duran <jlduran@users.noreply.github.com> | 2018-04-19 08:44:08 -0300 |
commit | 4c6c3575c66ce10043c9ea04023788890a228de8 (patch) | |
tree | 01640e7a1e40ce32b0aa60314f241ec7e0f85bdf /railties | |
parent | 185fce159721b331cc9a0ae17b662373ee0fc95f (diff) | |

Make the master.key readable only by the owner

This change may only apply to POSIX-compliant systems.

Previously:

    $ ls -l config/master.key
    -rw-r--r-- 1 owner group 32 Jan 1 00:00 master.key

Now:

    $ ls -l config/master.key
    -rw------- 1 owner group 32 Jan 1 00:00 master.key

Diffstat (limited to 'railties')
-rw-r--r-- | railties/CHANGELOG.md | 17 |
-rw-r--r-- | railties/lib/rails/generators/rails/encryption_key_file/encryption_key_file_generator.rb | 1 |
-rw-r--r-- | railties/test/generators/app_generator_test.rb | 9 |
3 files changed, 27 insertions, 0 deletions
diff --git a/railties/CHANGELOG.md b/railties/CHANGELOG.md index 071a649956..a4d4a87a8b 100644 --- a/railties/CHANGELOG.md +++ b/railties/CHANGELOG.md @@ -1,3 +1,20 @@ +* Make the master.key file read-only for the owner upon generation on + POSIX-compliant systems. + + Previously: + + $ ls -l config/master.key + -rw-r--r-- 1 owner group 32 Jan 1 00:00 master.key + + Now: + + $ ls -l config/master.key + -rw------- 1 owner group 32 Jan 1 00:00 master.key + + Fixes #32604. + + *Jose Luis Duran* + * Deprecate support for using the `HOST` environment to specify the server IP. The `BINDING` environment should be used instead. diff --git a/railties/lib/rails/generators/rails/encryption_key_file/encryption_key_file_generator.rb b/railties/lib/rails/generators/rails/encryption_key_file/encryption_key_file_generator.rb index 90068c678d..e2359e9ded 100644 --- a/railties/lib/rails/generators/rails/encryption_key_file/encryption_key_file_generator.rb +++ b/railties/lib/rails/generators/rails/encryption_key_file/encryption_key_file_generator.rb @@ -27,6 +27,7 @@ module Rails def add_key_file_silently(key_path, key = nil) create_file key_path, key || ActiveSupport::EncryptedFile.generate_key + key_path.chmod 0600 end def ignore_key_file(key_path, ignore: key_ignore(key_path)) diff --git a/railties/test/generators/app_generator_test.rb b/railties/test/generators/app_generator_test.rb index 294fdcd6a1..c3809a912b 100644 --- a/railties/test/generators/app_generator_test.rb +++ b/railties/test/generators/app_generator_test.rb @@ -941,6 +941,15 @@ class AppGeneratorTest < Rails::Generators::TestCase assert_directory("test/system") end + unless Gem.win_platform? + def test_master_key_is_only_readable_by_the_owner + run_generator + + stat = File.stat("config/master.key") + assert_equal "100600", sprintf("%o", stat.mode) + end + end + private def stub_rails_application(root) Rails.application.config.root = root |
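
Review bot: In the railties/CHANGELOG.md entry, "read-only for the owner" is ambiguous. The listing under "Now" is `-rw-------`, which is read and write for the owner and no access for group or other, while "read-only" suggests mode 0400. Suggest wording it as "readable and writable only by the owner (mode 0600)", which also lines up with the commit subject.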
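
Review bot: In add_key_file_silently (encryption_key_file_generator.rb), `key_path.chmod 0600` runs only after `create_file` has already written the key, so the file exists for a short time with the permissions shown under "Previously" (`-rw-r--r--`) before it is tightened. Consider creating the file with the restrictive mode from the start, or setting a restrictive umask around the write, so the key is never readable by group or other. The call also assumes key_path responds to chmod (a Pathname); a String path would raise NoMethodError, so either document that requirement or go through `File.chmod(0600, key_path)`. Finally, the chmod is unconditional while the new test is skipped on Windows, so the behaviour on non-POSIX platforms is not exercised; a short comment saying what is expected there would help.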
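
Review bot: In test_master_key_is_only_readable_by_the_owner (app_generator_test.rb), the assertion compares the whole of stat.mode, formatted as "100600", so it checks the file-type bits together with the permission bits. Masking to the permission bits (`stat.mode & 0777` compared with `0600`) states the intent directly and gives a clearer failure message. The test also exercises the change only through the app generator; a test aimed at the encryption key file generator itself would pin the behaviour where the chmod was added.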