From 191df92824ee12eac17edf9bae995702bafe5aaa Mon Sep 17 00:00:00 2001
From: Brian May <brian@linuxpenguins.xyz>
Date: Sat, 28 Nov 2015 16:13:56 +1100
Subject: [PATCH] Ensure tempfiles are chmod 600

---
 sshuttle/firewall.py  | 2 +-
 sshuttle/hostwatch.py | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/sshuttle/firewall.py b/sshuttle/firewall.py
index b5beb98..74d1494 100644
--- a/sshuttle/firewall.py
+++ b/sshuttle/firewall.py
@@ -41,7 +41,7 @@ def rewrite_etc_hosts(port):
         os.chmod(tmpname, st.st_mode)
     else:
         os.chown(tmpname, 0, 0)
-        os.chmod(tmpname, 0o644)
+        os.chmod(tmpname, 0o600)
     os.rename(tmpname, HOSTSFILE)
 
 
diff --git a/sshuttle/hostwatch.py b/sshuttle/hostwatch.py
index ad94efe..eb381aa 100644
--- a/sshuttle/hostwatch.py
+++ b/sshuttle/hostwatch.py
@@ -37,6 +37,7 @@ def write_host_cache():
         for name, ip in sorted(hostnames.items()):
             f.write('%s,%s\n' % (name, ip))
         f.close()
+        os.chmod(tmpname, 0o600)
         os.rename(tmpname, CACHEFILE)
     finally:
         try: