STINNER Victor added the comment: The shell command "umask" calls umask(022) to get the current umask, and then call umask() with result of the first call.
022 is the default umask, it's probably safer to call umask(0o22) in _get_masked_mode() instead of umask(0). Attached patch makes this change. If you change something, it should be backported to 3.2, 3.3 and 3.4, because I agree that it affects the security. ---------- keywords: +patch Added file: http://bugs.python.org/file34649/get_masked_mode.patch _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue21082> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
