limit create file permissions

Be safe by default, create files so that other users can't read them,
at least until the original permissions are set.

CHANGES

@@ -13,6 +13,7 @@ Version 0.14
 - Add MacPorts' path to the default openssl search path (#101)
 - HashIndex improvements, eliminates unnecessary IO on low memory systems.
 - Fix "Number of files" output for attic info. (#124)
+- limit create file permissions so files aren't read while restoring
 
 Version 0.13
 ------------

attic/archiver.py

@@ -186,6 +186,8 @@ Type "Yes I am sure" if you understand this and want to continue.\n""")
 
     def do_extract(self, args):
         """Extract archive contents"""
+        # be restrictive when restoring files, restore permissions later
+        os.umask(0o077)
         repository = self.open_repository(args.archive)
         manifest, key = Manifest.load(repository)
         archive = Archive(repository, key, manifest, args.archive.archive,