Fixed Sensitive Data Exposure at /tmp directory

pyanaconda/anaconda.py

@@ -27,6 +27,7 @@
 from pyanaconda.core import constants
 from pyanaconda.core.startup.dbus_launcher import AnacondaDBusLauncher
 from pyanaconda.core.kernel import kernel_arguments
+from pyanaconda.core.path import open_with_perm
 from pyanaconda.modules.common.constants.services import PAYLOADS
 from pyanaconda.ui.lib.addons import collect_addon_ui_paths
 
@@ -192,7 +193,7 @@ def dumpState(self):
  os.close(fd)
 
  # append to a given file
- with open("/tmp/anaconda-tb-all.log", "a+") as f:
+ with open_with_perm("/tmp/anaconda-tb-all.log", "a+", 0o600) as f:
  f.write("--- traceback: %s ---\n" % filename)
  f.write(dump_text + "\n")
 

pyanaconda/core/startup/dbus_launcher.py

@@ -32,6 +32,7 @@
 from pyanaconda.core.constants import ANACONDA_BUS_ADDR_FILE, ANACONDA_CONFIG_TMP, \
  ANACONDA_BUS_CONF_FILE, DBUS_ANACONDA_SESSION_ADDRESS
 from pyanaconda.core.dbus import DBus
+from pyanaconda.core.path import open_with_perm
 from dasbus.constants import DBUS_FLAG_NONE
 from pyanaconda.modules.common.constants.services import BOSS
 
@@ -115,7 +116,7 @@ def dbus_preexec():
  # to set dbus subprocess SIGINT handler
  signal.signal(signal.SIGINT, signal.SIG_IGN)
 
- self._log_file = open('/tmp/dbus.log', 'a')
+ self._log_file = open_with_perm('/tmp/dbus.log', 'a', 0o600)
  self._dbus_daemon_process = startProgram(command, stderr=self._log_file, reset_lang=False,
  preexec_fn=dbus_preexec)