File CVE-2019-19724-2x.patch of Package singularity.11767
diff --git a/bin/singularity.in b/bin/singularity.in
index 212324f19..2f9608bf4 100644
--- a/bin/singularity.in
+++ b/bin/singularity.in
@@ -54,6 +54,29 @@ else
exit 1
fi
+message 5 "Securing .singularity directory"
+if ! USERID=`id -ru`; then
+ message ERROR "Could not ascertain user ID\n"
+ exit 255
+fi
+
+if ! HOME=`getent passwd ${USERID} | cut -d: -f6`; then
+ message ERROR "Could not discover user's home directory\n"
+ ABORT 255
+fi
+
+# Force 700 on an existing directory
+if [ -d "${HOME}/.singularity" ]; then
+ if ! chmod -f 700 "${HOME}/.singularity"; then
+ message WARN "Could not ensure secure 700 permissions on ${HOME}/.singularity\n"
+ fi
+else
+# Create new with 700 immediately
+ if ! mkdir -p -m 700 "${HOME}/.singularity"; then
+ message WARN "Could not create ${HOME}/.singularity directory\n"
+ fi
+fi
+
message 5 "Starting argument loop\n"
while true; do
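Review bot: The `if ! HOME=...` test on the getent line only sees the exit status of `cut`, the last command in the pipeline, so a missing passwd entry or an NSS failure leaves HOME empty and the code below then chmods or creates `/.singularity` instead of aborting. Test the value, not the pipeline: `HOME=$(getent passwd "${USERID}" | cut -d: -f6)` followed by `if [ -z "${HOME}" ]; then message ERROR "Could not discover user's home directory\n"; ABORT 255; fi`. The two failure paths are also inconsistent (`exit 255` for the uid error, `ABORT 255` for the home error); pick one. Reassigning HOME here replaces whatever the caller exported for the rest of the launcher and every child it spawns, which looks intentional (the real uid's passwd entry is what should be trusted under setuid) but deserves a comment such as `# Derive HOME from the real uid's passwd entry so a caller-supplied HOME cannot redirect the secured directory`. Note also that a chmod failure on an existing directory is only a warning, so a `~/.singularity` owned by someone else is still used afterwards.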
diff --git a/libexec/python/sutils.py b/libexec/python/sutils.py
index 4c92b08be..81b6acdd8 100644
--- a/libexec/python/sutils.py
+++ b/libexec/python/sutils.py
@@ -280,19 +280,19 @@ def get_cache(subfolder=None, quiet=False):
cache_base = "%s/%s" % (cache_base, subfolder)
# Create the cache folder(s), if don't exist
- create_folders(cache_base)
+ create_folders(cache_base, 0o700)
if not quiet:
bot.info("Cache folder set to %s" % cache_base)
return cache_base
-def create_folders(path):
+def create_folders(path, mode):
'''create_folders attempts to get the same functionality as mkdir -p
:param path: the path to create.
'''
try:
- os.makedirs(path)
+ os.makedirs(path, mode)
except OSError as e:
if e.errno == errno.EEXIST and os.path.isdir(path):
pass
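Review bot: `create_folders` now requires a `mode` argument but its docstring was not updated, and any other call site still passing only `path` will fail with a TypeError; giving the parameter a secure default, `def create_folders(path, mode=0o700):`, keeps the old call shape working and makes the restrictive mode the default rather than something each caller must remember. The docstring should gain a line like `:param mode: permission bits for the created directory (masked by umask at creation; enforced afterwards with chmod)`. It is also worth a comment that on Python 2 and on 3.x before 3.7 `os.makedirs(path, mode)` applies `mode` to every intermediate directory it creates, not only the leaf, so a cache base under a not-yet-existing parent locks that parent down to 0700 as well, which is presumably fine for `~/.singularity` but surprising for a custom cache location (inferred; the cache-base computation is above the hunk). Both `get_cache` and `create_folders` extend outside the hunk.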
@@ -300,6 +300,14 @@ def create_folders(path):
bot.error("Error creating path %s, exiting." % path)
sys.exit(1)
+ try:
+ if (os.stat(path).st_mode & 0o777) != mode:
+ bot.info("Setting %o permissions on folder %s" % (mode, path))
+ os.chmod(path, mode)
+ except OSError as e:
+ bot.warning("Could not set %o permissions on folder %s" % (mode, path))
+
+
############################################################################
# PERMISSIONS ##############################################################
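Review bot: When the directory already existed (the EEXIST branch above) and `os.chmod` fails, the new fix-up only logs a warning and returns, so a cache directory that another user created first — for example under a shared or world-writable cache base — is silently used with that user's ownership and permissions; the stat/chmod pair should check ownership and treat a directory it cannot secure as fatal, matching the `sys.exit(1)` the makedirs failure path already uses. If the warn-and-continue is deliberate, say so with a comment like `# best effort: a failed chmod is reported but does not abort`. Whether a root/sudo caller should be allowed to use a user-owned directory is not visible from here, so the uid check below may need an exception for uid 0. The `e` bound in `except OSError as e:` is unused and can be dropped.
```python
    try:
        st = os.stat(path)
        # Refuse a pre-existing directory owned by someone else: chmod on it
        # would fail (or succeed on an attacker-controlled tree if root).
        if st.st_uid != os.getuid():
            bot.error("Folder %s is not owned by the current user, exiting." % path)
            sys.exit(1)
        if (st.st_mode & 0o777) != mode:
            bot.info("Setting %o permissions on folder %s" % (mode, path))
            os.chmod(path, mode)
    except OSError:
        bot.error("Could not set %o permissions on folder %s, exiting." % (mode, path))
        sys.exit(1)
```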