Message215026
The shell command "umask" calls umask(022) to get the current umask, and then call umask() with result of the first call.
022 is the default umask, it's probably safer to call umask(0o22) in _get_masked_mode() instead of umask(0).
Attached patch makes this change.
If you change something, it should be backported to 3.2, 3.3 and 3.4, because I agree that it affects the security. |
|
Date |
User |
Action |
Args |
2014-03-28 09:10:53 | vstinner | set | recipients:
+ vstinner, georg.brandl, larry, ned.deily, desrt |
2014-03-28 09:10:53 | vstinner | set | messageid: <1395997853.22.0.324664220296.issue21082@psf.upfronthosting.co.za> |
2014-03-28 09:10:53 | vstinner | link | issue21082 messages |
2014-03-28 09:10:52 | vstinner | create | |
|