Obfuscate cookie

src/lib/Conf.pm

@@ -2368,6 +2368,18 @@ sub _save_binary_cache {
         }
         return undef;
     }
+    eval { chmod(0640, $param->{'target_file'}); };
+    if ($EVAL_ERROR) {
+        $log->syslog(
+            'err',
+            'Failed to change mode of the binary file %s. error: %s',
+            $param->{'target_file'}, $EVAL_ERROR
+        );
+        unless ($lock_fh->close()) {
+            return undef;
+        }
+        return undef;
+    }
     unless ($lock_fh->close()) {
         return undef;
     }

src/lib/Sympa/ConfDef.pm

@@ -1238,6 +1238,7 @@ our @params = (
         'sample'     => '123456789',
         'gettext_id' => 'Secret string for generating unique keys',
         'file'       => 'sympa.conf',
+        'obfuscated' => '1',
         'gettext_comment' =>
             "This allows generated authentication keys to differ from a site to another. It is also used for encryption of user passwords stored in the database. The presence of this string is one reason why access to \"sympa.conf\" needs to be restricted to the \"sympa\" user.\nNote that changing this parameter will break all HTTP cookies stored in users' browsers, as well as all user passwords and lists X509 private keys. To prevent a catastrophe, Sympa refuses to start if this \"cookie\" parameter was changed.",
         'optional' => '1',