From b94513b24ede281068da2c709fd6a6973175e398 Mon Sep 17 00:00:00 2001
From: Kendall Gifford
Date: Fri, 18 May 2012 20:05:39 -0600
Subject: [PATCH 1/3] WIP: adding test to verify no group/other read access to user's credentials file

---
 test/rubygems/test_gem_config_file.rb | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/test/rubygems/test_gem_config_file.rb b/test/rubygems/test_gem_config_file.rb
index a50a39ca4f38..ff62bde9356e 100644
--- a/test/rubygems/test_gem_config_file.rb
+++ b/test/rubygems/test_gem_config_file.rb
@@ -309,6 +309,12 @@ def test_load_api_keys_from_config
 :other => 'a5fdbb6ba150cbb83aad2bb2fede64c'}, @cfg.api_keys)
 end
 
+ def test_save_credentials_with_strict_permissions
+ util_config_file
+ @cfg
+ assert_equal mask, File.stat(path).mode unless win_platform?
+ end
+
 def util_config_file(args = @cfg_args)
 @cfg = Gem::ConfigFile.new args
 end

From 09a34ca2a35a49748ebea09a263cb00dfd2b9d6c Mon Sep 17 00:00:00 2001
From: Kendall Gifford
Date: Mon, 21 May 2012 11:43:31 -0600
Subject: [PATCH 2/3] Add test to ensure good perms on user's credentials file

---
 test/rubygems/test_gem_config_file.rb | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/test/rubygems/test_gem_config_file.rb b/test/rubygems/test_gem_config_file.rb
index ff62bde9356e..d3b45f337667 100644
--- a/test/rubygems/test_gem_config_file.rb
+++ b/test/rubygems/test_gem_config_file.rb
@@ -309,10 +309,12 @@ def test_load_api_keys_from_config
 :other => 'a5fdbb6ba150cbb83aad2bb2fede64c'}, @cfg.api_keys)
 end
 
- def test_save_credentials_with_strict_permissions
+ def test_save_credentials_file_with_strict_permissions
 util_config_file
- @cfg
- assert_equal mask, File.stat(path).mode unless win_platform?
+ FileUtils.mkdir File.dirname(@cfg.credentials_path)
+ @cfg.rubygems_api_key = '701229f217cdf23b1344c7b4b54ca97'
+ mode = 0100600 & (~File.umask)
+ assert_equal mode, File.stat(@cfg.credentials_path).mode unless win_platform?
 end
 
 def util_config_file(args = @cfg_args)

From e9960c7620f24fabe9e6bd770e8d12bc12e602b4 Mon Sep 17 00:00:00 2001
From: Kendall Gifford
Date: Mon, 21 May 2012 12:33:07 -0600
Subject: [PATCH 3/3] Ensure no group/other read perms when creating user's credentials file (Issue #333).

---
 lib/rubygems/config_file.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/rubygems/config_file.rb b/lib/rubygems/config_file.rb
index bd4080c0fd39..a56085ccc2f3 100644
--- a/lib/rubygems/config_file.rb
+++ b/lib/rubygems/config_file.rb
@@ -235,7 +235,8 @@ def rubygems_api_key=(api_key)
 Gem.load_yaml
- File.open(credentials_path, 'w') do |f|
+ permissions = 0600 & (~File.umask)
+ File.open(credentials_path, 'w', permissions) do |f|
 f.write config.to_yaml
 end
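Review bot: The expected value `0100600 & (~File.umask)` in test_save_credentials_file_with_strict_permissions bakes both the regular-file type bits and the process umask into the assertion, so the test restates a formula rather than the property the series is after. The property itself, that no group/other bits are set, can be asserted directly and independently of umask with `assert_equal 0, File.stat(@cfg.credentials_path).mode & 0077 unless win_platform?`. The test also only exercises creation of a fresh credentials file; since the permission argument to File.open is applied only when the file is created, a credentials file that already exists with a looser mode would keep it, and a second case that first writes the file with 0644 and then assigns rubygems_api_key would tell whether the fix in the third patch covers that path. `FileUtils.mkdir` raises Errno::EEXIST if the directory is already present, so `FileUtils.mkdir_p File.dirname(@cfg.credentials_path)` makes the setup robust to whatever the test harness has created.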