CVE-2013-4476: samba-tool provision: create ${private_dir}/tls with mode 0700

[nivanova/samba-autobuild/.git] / python / samba / provision / __init__.py

diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py
index d8f353f54ae67dc5bb2c30d7f5256318d9e0f80b..4920735b247bf70ea0c6c0be5c50cad9c1acce4f 100644 (file)
--- a/python/samba/provision/__init__.py
+++ b/python/samba/provision/__init__.py
@@ -2025,7 +2025,7 @@ def provision(logger, session_info, smbconf=None,
     if not os.path.exists(paths.private_dir):
         os.mkdir(paths.private_dir)
     if not os.path.exists(os.path.join(paths.private_dir, "tls")):
-        os.mkdir(os.path.join(paths.private_dir, "tls"))
+        os.makedirs(os.path.join(paths.private_dir, "tls"), 0700)
     if not os.path.exists(paths.state_dir):
         os.mkdir(paths.state_dir)