stricter permissions on atomic_move when creating new file (#68970)

fixes #67794 updated some tests that expected previous defaults CVE-2020-1736
author: Brian Coca <bcoca@users.noreply.github.com> 2020-04-16 09:06:18 -0400
committer: GitHub <noreply@github.com> 2020-04-16 09:06:18 -0400
commit: 566f2467f6ca6e0e817ea793ef802116ad469858 (patch)
tree: 6dcb7beeb1b594b0782c25e2bf7f517d92d86b8d /lib/ansible/module_utils/common/file.py
parent: de6b047fc3e6a9d23921574de55813fa25657d4b (diff)
download: ansible-566f2467f6ca6e0e817ea793ef802116ad469858.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/ansible/module_utils/common/file.py b/lib/ansible/module_utils/common/file.py
index 9703ea782e..3ca1253e82 100644
--- a/lib/ansible/module_utils/common/file.py
+++ b/lib/ansible/module_utils/common/file.py
@@ -59,7 +59,7 @@ PERMS_RE = re.compile(r'[^rwxXstugo]')
 
 _PERM_BITS = 0o7777          # file mode permission bits
 _EXEC_PERM_BITS = 0o0111     # execute permission bits
-_DEFAULT_PERM = 0o0666       # default file permission bits
+_DEFAULT_PERM = 0o0660       # default file permission bits
 
 
 def is_executable(path):
author	Brian Coca <bcoca@users.noreply.github.com>	2020-04-16 09:06:18 -0400
committer	GitHub <noreply@github.com>	2020-04-16 09:06:18 -0400
commit	566f2467f6ca6e0e817ea793ef802116ad469858 (patch)
tree	6dcb7beeb1b594b0782c25e2bf7f517d92d86b8d /lib/ansible/module_utils/common/file.py
parent	de6b047fc3e6a9d23921574de55813fa25657d4b (diff)
download	ansible-566f2467f6ca6e0e817ea793ef802116ad469858.tar.gz