Message191482
> Shouldn't you try to make the permission removal atomic? Otherwise there's a window of opportunity to exploit the suid bit.
Permission bits are copied from the source file *after* all data has been copied to the destination file. copy() calls copyfile() followed by copymode().
copyfile() doesn't create files with SUID. In fact it has 0666 & umask. In the worst case the new file is readable and writable by every user. The new patch addresses the unlikely issue with os.open()ing the file with mask=0600.
I could also add a create_mode argument to _io.FileIO() in order to make the permission bits of new files more flexible. Modules/_io/fileio.c hard codes mode as 0600.

| Date | User | Action | Args |
|---|---|---|---|
| 2013-06-19 14:44:00 | christian.heimes | set | recipients: + christian.heimes, georg.brandl, pitrou, larry, benjamin.peterson, tarek, Arfrever, milko.krachounov, neologix, hynek |
| 2013-06-19 14:43:59 | christian.heimes | set | messageid: <1371653039.95.0.800199447912.issue17180@psf.upfronthosting.co.za> |
| 2013-06-19 14:43:59 | christian.heimes | link | issue17180 messages |
| 2013-06-19 14:43:59 | christian.heimes | create | |
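
The ordering discussed in the message above (create the destination restrictively, copy the data, apply the source's permission bits last) can be sketched as follows. This is an added example, not the patch attached to the issue and not shutil's own code; `copy_restrictive` and `demo` are hypothetical names, the sample data is constructed, and `os.fchmod` makes it POSIX-only.

```python
import os
import shutil
import stat
import tempfile


def copy_restrictive(src, dst):
    """Copy src to dst; dst is never wider than 0600 until all data is written."""
    with open(src, "rb") as fsrc:
        src_mode = stat.S_IMODE(os.fstat(fsrc.fileno()).st_mode)
        # O_EXCL makes open() fail if dst already exists, symlinks included,
        # so the 0o600 creation mode (further reduced by umask) applies to a new file.
        fd = os.open(dst, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "wb") as fdst:
            mode_during_copy = stat.S_IMODE(os.fstat(fd).st_mode)
            shutil.copyfileobj(fsrc, fdst)
            fdst.flush()
            # Source bits are applied last, on the descriptor rather than the
            # path, so the file that was written is the file that is chmod'ed.
            os.fchmod(fd, src_mode)
    return mode_during_copy


def demo():
    """Return (default-create mode, mode during copy, final mode, copied data)."""
    old_umask = os.umask(0)  # worst case: nothing masked off at creation
    try:
        with tempfile.TemporaryDirectory() as d:
            src = os.path.join(d, "src")
            with open(src, "wb") as f:
                f.write(b"constructed sample data\n")
            os.chmod(src, 0o640)
            plain = os.path.join(d, "plain")
            with open(plain, "wb"):  # plain open(): 0666 & ~umask
                pass
            plain_mode = stat.S_IMODE(os.stat(plain).st_mode)
            dst = os.path.join(d, "dst")
            during = copy_restrictive(src, dst)
            final = stat.S_IMODE(os.stat(dst).st_mode)
            with open(dst, "rb") as f:
                return plain_mode, during, final, f.read()
    finally:
        os.umask(old_umask)


if __name__ == "__main__":
    print([oct(m) if isinstance(m, int) else m for m in demo()])
```
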