Fixed file-write operation to a public directory

This PR fixes a case of sensitive data exposure by
using the existing helped method `open_with_perm`.

Signed-off-by: fazledyn-or <ataf@openrefactory.com>

pyanaconda/anaconda.py

@@ -27,6 +27,7 @@
 from pyanaconda.core import constants
 from pyanaconda.core.startup.dbus_launcher import AnacondaDBusLauncher
 from pyanaconda.core.kernel import kernel_arguments
+from pyanaconda.core.path import open_with_perm
 from pyanaconda.modules.common.constants.services import PAYLOADS
 from pyanaconda.ui.lib.addons import collect_addon_ui_paths
 
@@ -192,7 +193,7 @@ def dumpState(self):
  os.close(fd)
 
  # append to a given file
- with open("/tmp/anaconda-tb-all.log", "a+") as f:
+ with open_with_perm("/tmp/anaconda-tb-all.log", "a+", 0o600) as f:
  f.write("--- traceback: %s ---\n" % filename)
  f.write(dump_text + "\n")
 

pyanaconda/core/startup/dbus_launcher.py

@@ -26,12 +26,14 @@
 import os
 import signal
 from subprocess import TimeoutExpired
+from tempfile import mkstemp
 
 from pyanaconda.core.configuration.anaconda import conf
 from pyanaconda.core.util import startProgram
 from pyanaconda.core.constants import ANACONDA_BUS_ADDR_FILE, ANACONDA_CONFIG_TMP, \
  ANACONDA_BUS_CONF_FILE, DBUS_ANACONDA_SESSION_ADDRESS
 from pyanaconda.core.dbus import DBus
+from pyanaconda.core.path import open_with_perm
 from dasbus.constants import DBUS_FLAG_NONE
 from pyanaconda.modules.common.constants.services import BOSS
 
@@ -115,7 +117,7 @@ def dbus_preexec():
  # to set dbus subprocess SIGINT handler
  signal.signal(signal.SIGINT, signal.SIG_IGN)
 
- self._log_file = open('/tmp/dbus.log', 'a')
+ self._log_file = open_with_perm('/tmp/dbus.log', 'a', 0o600)
  self._dbus_daemon_process = startProgram(command, stderr=self._log_file, reset_lang=False,
  preexec_fn=dbus_preexec)