Fix incorrect permissions for /etc/hosts

If we modify /etc/hosts, we read/copy the ownership and permissions from the existing /etc/hosts before we make our new temporary file which will eventually overwrite /etc/hosts. If we fail to retrieve the permissions of the existing /etc/hosts file, we made the temporary file owned by root 0o600 permissions. It should have 0o644 permissions so that /etc/hosts has the correct permissions once we rename it. It is unlikely many encoutered this bug since most machines have /etc/hosts prior to sshuttle running and we should be able to read the permission/ownership of that existing file.
sshuttle · Jun 25, 2022 · df98790 · df98790
1 parent f9a9dad
commit df98790
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/sshuttle/firewall.py b/sshuttle/firewall.py
@@ -51,7 +51,7 @@ def rewrite_etc_hosts(hostmap, port):
         os.chmod(tmpname, st.st_mode)
     else:
         os.chown(tmpname, 0, 0)
-        os.chmod(tmpname, 0o600)
+        os.chmod(tmpname, 0o644)
     try:
         os.rename(tmpname, HOSTSFILE)
     except OSError: