Create mongo key file with secure permissions #1195

@mssalvatore

Description

The file containing the encryption key for MongoDB is created with permissions that potentially allow other users to read its contents. While this is mitigated in the default installation by the permissions of the data directory (#1147), we should code defensively and ensure that the permissions of this sensitive file are always restricted.

Some examples of why we should be extra cautious with this file are:

  • The data directory is configurable by the user. The user may have created their own directory with insecure permissions and configured Monkey to use it. Using secure permissions for the MongoDB key file guards against user error.

  • The location where the MongoDB key file is stored could be changed in the future. Using secure permissions for the MongoDB key file guards against developer error in the future.

  • On Linux, os.open() can be used to set the permissions on file creation and avoid any race conditions. (0d) - @shreyamalviya

  • On Windows, CreateFileA can be used to set the permissions on file creation and avoid any race conditions. (0.25d) - @shreyamalviya

Unit tests for both OS's should verify that the MongoDB key file has sufficiently secure permissions.
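
The Linux approach mentioned in the issue, as an added example that is not the project's own code: the key file is created with `os.open()` and mode `0o600` in a single call, followed by the kind of permission check a unit test could make. The function names, the file name `mongo_key.bin`, and the permissive umask and directory are assumptions constructed for the demonstration; the Windows `CreateFileA` path is not covered.

```python
import os
import stat
import tempfile

KEY_FILE_MODE = stat.S_IRUSR | stat.S_IWUSR  # 0o600: owner read/write only


def create_secure_key_file(path, key):
    """Create `path` with owner-only permissions and write `key` (POSIX)."""
    # O_EXCL fails if anything already exists at `path`, so a file that was
    # pre-created with looser permissions (or a symlink) is never reused.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL
    # The mode is applied by the kernel when the file is created, so the file
    # never exists with wider permissions. The umask can only clear bits.
    fd = os.open(path, flags, KEY_FILE_MODE)
    with os.fdopen(fd, "wb") as key_file:
        key_file.write(key)


def has_secure_permissions(path):
    """True if neither group nor other has any access to `path`."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return mode & (stat.S_IRWXG | stat.S_IRWXO) == 0


def demo():
    """Compare plain open() with os.open() in a permissive directory."""
    with tempfile.TemporaryDirectory() as data_dir:
        os.chmod(data_dir, 0o755)  # constructed: a user-chosen, readable dir
        old_umask = os.umask(0)    # constructed: worst-case permissive umask
        try:
            naive = os.path.join(data_dir, "naive.key")
            with open(naive, "wb") as key_file:  # created as 0o666 & ~umask
                key_file.write(os.urandom(32))
            secure = os.path.join(data_dir, "mongo_key.bin")
            create_secure_key_file(secure, os.urandom(32))
            try:
                create_secure_key_file(secure, os.urandom(32))
                refused = False
            except FileExistsError:
                refused = True
            return (has_secure_permissions(naive),
                    has_secure_permissions(secure), refused)
        finally:
            os.umask(old_umask)


if __name__ == "__main__":
    print(demo())
```

Creating the file with `open()` and tightening it afterwards with `os.chmod()` would leave a window in which the key is readable by others, which is the race the issue refers to.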
