Merge pull request #1216 from guardicore/data_dir_race_condition_linux

Fixed a race condition for linux secure directory creation

monkey/monkey_island/cc/environment/linux_permissions.py

@@ -1,7 +0,0 @@
-import os
-import stat
-
-
-def set_perms_to_owner_only(path: str):
-    # Read, write, and execute by owner
-    os.chmod(path, stat.S_IRWXU)

monkey/monkey_island/cc/environment/utils.py

@@ -9,24 +9,24 @@ def is_windows_os() -> bool:
 
 if is_windows_os():
     import monkey_island.cc.environment.windows_permissions as windows_permissions
-else:
-    import monkey_island.cc.environment.linux_permissions as linux_permissions  # noqa: E402
 
 LOG = logging.getLogger(__name__)
 
 
 def create_secure_directory(path: str, create_parent_dirs: bool):
     if not os.path.isdir(path):
-        create_directory(path, create_parent_dirs)
+        _create_secure_directory(path, create_parent_dirs)
         set_secure_permissions(path)
 
 
-def create_directory(path: str, create_parent_dirs: bool):
+def _create_secure_directory(path: str, create_parent_dirs: bool):
     try:
         if create_parent_dirs:
-            os.makedirs(path)
+            # Don't split directory creation and permission setting
+            # because it will temporarily create an accessible directory which anyone can use.
+            os.makedirs(path, mode=0o700)
         else:
-            os.mkdir(path)
+            os.mkdir(path, mode=0o700)
     except Exception as ex:
         LOG.error(
             f'Could not create a directory at "{path}" (maybe environmental variables could not be '
@@ -39,8 +39,6 @@ def set_secure_permissions(dir_path: str):
     try:
         if is_windows_os():
             windows_permissions.set_perms_to_owner_only(folder_path=dir_path)
-        else:
-            linux_permissions.set_perms_to_owner_only(path=dir_path)
     except Exception as ex:
         LOG.error(f"Permissions could not be set successfully for {dir_path}: {str(ex)}")
         raise ex

monkey/tests/unit_tests/monkey_island/cc/environment/test_utils.py

@@ -8,9 +8,7 @@ from monkey_island.cc.environment.utils import create_secure_directory, is_windo
 
 @pytest.fixture
 def test_path_nested(tmpdir):
-    nested_path = "test1/test2/test3"
-    path = os.path.join(tmpdir, nested_path)
-
+    path = os.path.join(tmpdir, "test1", "test2", "test3")
     return path