aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorCédric Picard <cedric.picard@efrei.net>2016-12-09 14:35:57 +0100
committerVG <vg@devys.org>2016-12-09 14:41:29 +0100
commiteb5f48d46ebb6fa14c831e1c20335b51b9296627 (patch)
tree0e727ad086b767f79a5f981e32e5473d3506d323
parentf0e69d196e8733fe888aa5f18d6aeca11a79e739 (diff)
downloadclip-eb5f48d46ebb6fa14c831e1c20335b51b9296627.tar.gz
clip-eb5f48d46ebb6fa14c831e1c20335b51b9296627.tar.bz2
clip-eb5f48d46ebb6fa14c831e1c20335b51b9296627.zip
Revert to using append as it provides better security
Signed-off-by: VG <vg@devys.org>
-rwxr-xr-xclip10
1 files changed, 8 insertions, 2 deletions
diff --git a/clip b/clip
index f61b751..0bdc35f 100755
--- a/clip
+++ b/clip
@@ -37,12 +37,18 @@ def fileno(filelike):
@contextlib.contextmanager
-def secure_open(path, *l, **kw):
+def secure_open(path, mode='r', *l, **kw):
if os.path.islink(path):
raise SecurityError("The clipboard file can not be a symlink")
- with open(path, *l, **kw) as fo:
+ real_mode = mode
+ if 'w' in real_mode:
+ real_mode = real_mode.replace('w', 'a')
+ with open(path, real_mode, *l, **kw) as fo:
if os.fstat(fileno(fo)) != os.stat(path):
raise SecurityError("Intrusion might have been done on %s" % path)
+ if 'w' in mode:
+ os.lseek(fileno(fo), 0, os.SEEK_SET)
+ os.ftruncate(fileno(fo), 0)
os.fchmod(fileno(fo), 0o600)
yield fo