Fix overly permissive file permissions in luigi/lock.py

Fixes #3303 Update file permissions in `luigi/lock.py` to be more restrictive. * Change the file permissions of the `pid_dir` directory from `0o777` to `0o700` in the `acquire_for` function. * Update the test cases `test_acquiring_partially_taken_lock` and `test_acquiring_lock_from_missing_process` in `test/lock_test.py` to check for the new file permissions `0o700`.
spotify · Sep 4, 2024 · 67768d1 · 67768d1
1 parent 74e6e63
commit 67768d1
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/luigi/lock.py b/luigi/lock.py
@@ -100,7 +100,7 @@ def acquire_for(pid_dir, num_available=1, kill_signal=None):
     # Create a pid file if it does not exist
     try:
         os.mkdir(pid_dir)
-        os.chmod(pid_dir, 0o777)
+        os.chmod(pid_dir, 0o700)
     except OSError as exc:
         if exc.errno != errno.EEXIST:
             raise

diff --git a/test/lock_test.py b/test/lock_test.py
@@ -100,7 +100,7 @@ def test_acquiring_partially_taken_lock(self):
         self.assertTrue(acquired)
 
         s = os.stat(self.pid_file)
-        self.assertEqual(s.st_mode & 0o777, 0o777)
+        self.assertEqual(s.st_mode & 0o700, 0o700)
 
     def test_acquiring_lock_from_missing_process(self):
         fake_pid = 99999
@@ -111,7 +111,7 @@ def test_acquiring_lock_from_missing_process(self):
         self.assertTrue(acquired)
 
         s = os.stat(self.pid_file)
-        self.assertEqual(s.st_mode & 0o777, 0o777)
+        self.assertEqual(s.st_mode & 0o700, 0o700)
 
     @mock.patch('os.kill')
     def test_take_lock_with_kill(self, kill_fn):