fix(crypto/keyring): disallow non-owner reads of keyhash (#15258)

2023-03-03 11:25:22 -05:00 · 2023-03-03 11:25:22 -05:00 · ac74e23769
commit ac74e23769
parent 08be7ab2f5
2 changed files with 2 additions and 1 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -154,6 +154,7 @@ Ref: https://keepachangelog.com/en/1.0.0/
 * [#14995](https://github.com/cosmos/cosmos-sdk/pull/14995) Allow unknown fields in `ParseTypedEvent`.
 * (store) [#14931](https://github.com/cosmos/cosmos-sdk/pull/14931) Exclude in-memory KVStores, i.e. `StoreTypeMemory`, from CommitInfo commitments.
 * (types/coin) [#14739](https://github.com/cosmos/cosmos-sdk/pull/14739) Deprecate the method `Coin.IsEqual` in favour of  `Coin.Equal`. The difference between the two methods is that the first one results in a panic when denoms are not equal. This panic lead to unexpected behavior
+* (x/crypto) [#15258](https://github.com/cosmos/cosmos-sdk/pull/15258) Write keyhash file with permissions 0600 instead of 0555.

 ### Deprecated

--- a/crypto/keyring/keyring.go
+++ b/crypto/keyring/keyring.go
@ -757,7 +757,7 @@ func newRealPrompt(dir string, buf io.Reader) func(string) (string, error) {
 				continue
 			}

-			if err := os.WriteFile(dir+"/keyhash", passwordHash, 0o555); err != nil {
+			if err := os.WriteFile(keyhashFilePath, passwordHash, 0o600); err != nil {
 				return "", err
 			}