Package: python2.7
Version: 2.7.2-7
Severity: important
Tags: security

Just to have it visible from python2.7, too:
-- begin citation --
distutils uses this method to create .pypirc:

    def _store_pypirc(self, username, password):
        """Creates a default .pypirc file."""
        rc = self._get_rc_file()
        f = open(rc, 'w')
        try:
            f.write(DEFAULT_PYPIRC % (username, password))
        finally:
            f.close()
        try:
            os.chmod(rc, 0600)
        except OSError:
            # should do something better here
            pass

There is a tiny timing window between write() and chmod() calls in which the file (with user's password) is world-readable.

--
Jaku Wilk
-- end citation --
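Added example, not part of the original report and not distutils code: the write-then-chmod pattern quoted above next to a variant that restricts the file before the password is written. It is written for Python 3 on a POSIX system; SAMPLE_PYPIRC, mode_of, store_racy and store_private are names made up for this sketch.

```python
import os
import stat

# Constructed stand-in for distutils' DEFAULT_PYPIRC template (assumption).
SAMPLE_PYPIRC = "[server-login]\nusername:%s\npassword:%s\n"


def mode_of(path):
    """Return the permission bits of path."""
    return stat.S_IMODE(os.stat(path).st_mode)


def store_racy(path, username, password):
    """Pattern from the report: write first, restrict afterwards.

    Returns the mode the file had while it already held the password.
    """
    f = open(path, "w")            # created as 0666 & ~umask
    try:
        f.write(SAMPLE_PYPIRC % (username, password))
    finally:
        f.close()
    exposed = mode_of(path)        # what other local users see in the window
    os.chmod(path, 0o600)
    return exposed


def store_private(path, username, password):
    """Restrict the file before any secret is written to it.

    Returns the mode of the file once it holds the password.
    """
    # The mode argument of os.open() only applies to a newly created file...
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        # ...so tighten a pre-existing file as well, still before writing.
        os.fchmod(f.fileno(), 0o600)
        f.write(SAMPLE_PYPIRC % (username, password))
    return mode_of(path)


if __name__ == "__main__":
    import tempfile
    os.umask(0o022)                # typical default umask
    d = tempfile.mkdtemp()
    print("racy   :", oct(store_racy(os.path.join(d, "racy"), "u", "pw")))
    print("private:", oct(store_private(os.path.join(d, "safe"), "u", "pw")))
```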