Create ~/.pypirc securely (#13512).

There was a window between the write and the chmod where the user’s
password would be exposed, depending on default permissions.  Philip
Jenvey’s patch fixes it.
Éric Araujo 2012-07-03 01:23:46 -04:00
parent 9e06e37be0
commit e5567ccc86
3 changed files with 5 additions and 1 deletions

@ -42,7 +42,7 @@ class PyPIRCCommand(Command):
def _store_pypirc(self, username, password): def _store_pypirc(self, username, password):
"""Creates a default .pypirc file.""" """Creates a default .pypirc file."""
rc = self._get_rc_file() rc = self._get_rc_file()
f = open(rc, 'w') f = os.fdopen(os.open(rc, os.O_CREAT | os.O_WRONLY, 0600), 'w')
try: try:
f.write(DEFAULT_PYPIRC % (username, password)) f.write(DEFAULT_PYPIRC % (username, password))
finally: finally:
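
Review bot: the new call on the `f = os.fdopen(os.open(rc, os.O_CREAT | os.O_WRONLY, 0600), 'w')` line omits `os.O_TRUNC`, so unlike the `open(rc, 'w')` it replaces, it no longer truncates an existing file. If ~/.pypirc already exists and is longer than the new content, the old tail stays in the file after the write. Suggest `os.O_CREAT | os.O_WRONLY | os.O_TRUNC`. The `0600` mode argument also only takes effect when the file is created, so a pre-existing file with looser permissions keeps them at open time; a short comment next to the call saying so would help. Finally, `0600` is Python 2 octal syntax; `0o600` is accepted by Python 2.6+ and 3 and would make forward-porting easier.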

@ -412,6 +412,7 @@ Bill Janssen
Thomas Jarosch Thomas Jarosch
Drew Jenkins Drew Jenkins
Flemming Kjær Jensen Flemming Kjær Jensen
Philip Jenvey
Jiba Jiba
Orjan Johansen Orjan Johansen
Fredrik Johansson Fredrik Johansson

@ -14,6 +14,9 @@ Core and Builtins
longer raised due to a read system call returning EINTR from within these longer raised due to a read system call returning EINTR from within these
methods. methods.
- Issue #13512: Create ~/.pypirc securely (CVE-2011-4944). Initial patch by
Philip Jenvey, tested by Mageia and Debian.
- Issue #7719: Make distutils ignore ``.nfs*`` files instead of choking later - Issue #7719: Make distutils ignore ``.nfs*`` files instead of choking later
on. Initial patch by SilentGhost and Jeff Ramnani. on. Initial patch by SilentGhost and Jeff Ramnani.
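
Review bot: the Issue #13512 entry lands under "Core and Builtins" according to the hunk header, but the code change is in the distutils `PyPIRCCommand._store_pypirc` method, so it would read more naturally in the Library section. The entry could also say what changed for users, for example that the file is now created with mode 0600 instead of being written first and restricted afterwards.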