From 80b29a85cc98effde6c4f919cf90d9aababd22ad Mon Sep 17 00:00:00 2001
From: Dave Page <dpage@pgadmin.org>
Date: Wed, 21 Mar 2018 11:27:59 +0000
Subject: [PATCH] Secure runtime temp files.

---
 runtime/Server.cpp   | 2 ++
 runtime/pgAdmin4.cpp | 1 +
 2 files changed, 3 insertions(+)

diff --git a/runtime/Server.cpp b/runtime/Server.cpp
index 805772bef..8dcaa85c5 100644
--- a/runtime/Server.cpp
+++ b/runtime/Server.cpp
@@ -17,6 +17,7 @@
 // QT headers
 #include <QDebug>
 #include <QDir>
+#include <QFile>
 #include <QMessageBox>
 
 // App headers
@@ -217,6 +218,7 @@ Server::Server(quint16 port, QString key, QString logFileName)
     int fd = fileno(log);
     PyObject *err = PyFile_FromFd(fd, NULL, (char *)"w", -1, NULL, NULL, NULL, 0);
 #endif
+    QFile(m_logFileName).setPermissions(QFile::ReadOwner|QFile::WriteOwner);
     PyObject_SetAttrString(sys, "stderr", err);
 }
 
diff --git a/runtime/pgAdmin4.cpp b/runtime/pgAdmin4.cpp
index e9490b620..0cb991e4c 100644
--- a/runtime/pgAdmin4.cpp
+++ b/runtime/pgAdmin4.cpp
@@ -331,6 +331,7 @@ int main(int argc, char * argv[])
     // Stash the URL for any duplicate processes to open
     if (addrFile.open(QIODevice::WriteOnly))
     {
+        addrFile.setPermissions(QFile::ReadOwner|QFile::WriteOwner);
         QTextStream out(&addrFile);
         out << appServerUrl << endl;
     }