[issue21082] _get_masked_mode in os.makedirs() is a serious security problem

STINNER Victor added the comment: > http://bugs.python.org/file19849/mkdirs.tr.diff This patch comes from issue #9299: changeset 89cda0833ba6 made in Python 3.2 beta 1. The change was not backported to Python 2.7. -- ___ Python tracker

[issue21082] _get_masked_mode in os.makedirs() is a serious security problem

Changes by STINNER Victor : -- nosy: +haypo ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python

[issue21082] _get_masked_mode in os.makedirs() is a serious security problem

Georg Brandl added the comment: yes, this seems bad enough for inclusion in security releases. -- ___ Python tracker ___ ___ Python-bu

[issue21082] _get_masked_mode in os.makedirs() is a serious security problem

Ned Deily added the comment: The issue associated with the patch in question is Issue9299. Adding possibly affected releases and release managers for evaluation. -- keywords: +security_issue nosy: +georg.brandl, larry, ned.deily priority: normal -> high versions: +Python 3.2, Python 3.4

[issue21082] _get_masked_mode in os.makedirs() is a serious security problem

New submission from Ryan Lortie: http://bugs.python.org/file19849/mkdirs.tr.diff introduced a patch with this code in it: +def _get_masked_mode(mode): +mask = umask(0) +umask(mask) +return mode & ~mask This changes the umask of the entire process. If another thread manages to cre