From 83108d4dc1322117630935822899176f76c77ecb Mon Sep 17 00:00:00 2001
From: Valentin Lab <valentin.lab@kalysto.org>
Date: Thu, 15 Feb 2024 14:37:03 +0100
Subject: [PATCH] fix: [compose-core] improve protection of relation data file
 !minor

Fixes a timing issue where the data in the relation file could be read.
---
 bin/compose-core | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/bin/compose-core b/bin/compose-core
index 79822df..9218f7c 100755
--- a/bin/compose-core
+++ b/bin/compose-core
@@ -3069,9 +3069,11 @@ get_relation_data_file() {
         new=true
     fi
 
-    if [ "$new" ]; then
+    if [ -n "$new" ]; then
+        OLDUMASK=$(umask)
+        umask 0077
         e "$relation_config" > "$relation_data_file"
-        chmod go-rwx "$relation_data_file"  ## protecting this file
+        umask "$OLDUMASK"
         e "$relation_config" | md5_compat > "$relation_data_file.md5_ref"
     fi
     echo "$relation_data_file"