Fix for PR#111: when using the inplace option, give the new file the
same permissions as the old file, plugging a security hole. (Not using exactly the suggested bugfix.)
This commit is contained in:
parent
39d4a0237a
commit
dcb8583c18
|
@ -73,7 +73,7 @@ XXX Possible additions:
|
|||
|
||||
"""
|
||||
|
||||
import sys, os
|
||||
import sys, os, stat
|
||||
|
||||
_state = None
|
||||
|
||||
|
@ -203,10 +203,22 @@ class FileInput:
|
|||
self._filename + (self._backup or ".bak"))
|
||||
try: os.unlink(self._backupfilename)
|
||||
except os.error: pass
|
||||
# The next three lines may raise IOError
|
||||
# The next few lines may raise IOError
|
||||
os.rename(self._filename, self._backupfilename)
|
||||
self._file = open(self._backupfilename, "r")
|
||||
self._output = open(self._filename, "w")
|
||||
try:
|
||||
perm = os.fstat(self._file.fileno())[stat.ST_MODE]
|
||||
except:
|
||||
self._output = open(self._filename, "w")
|
||||
else:
|
||||
fd = os.open(self._filename,
|
||||
os.O_CREAT | os.O_WRONLY | os.O_TRUNC,
|
||||
perm)
|
||||
self._output = os.fdopen(fd, "w")
|
||||
try:
|
||||
os.chmod(self._filename, perm)
|
||||
except:
|
||||
pass
|
||||
self._savestdout = sys.stdout
|
||||
sys.stdout = self._output
|
||||
else:
|
||||
|
|
Loading…
Reference in New Issue