diff options
author | Cédric Picard <cedric.picard@efrei.net> | 2016-12-09 14:35:57 +0100 |
---|---|---|
committer | VG <vg@devys.org> | 2016-12-09 14:41:29 +0100 |
commit | eb5f48d46ebb6fa14c831e1c20335b51b9296627 (patch) | |
tree | 0e727ad086b767f79a5f981e32e5473d3506d323 /clip | |
parent | f0e69d196e8733fe888aa5f18d6aeca11a79e739 (diff) | |
download | clip-eb5f48d46ebb6fa14c831e1c20335b51b9296627.tar.gz clip-eb5f48d46ebb6fa14c831e1c20335b51b9296627.tar.bz2 clip-eb5f48d46ebb6fa14c831e1c20335b51b9296627.zip |
Revert to using append as it provides better security
Signed-off-by: VG <vg@devys.org>
Diffstat (limited to 'clip')
-rwxr-xr-x | clip | 10 |
1 files changed, 8 insertions, 2 deletions
@@ -37,12 +37,18 @@ def fileno(filelike): @contextlib.contextmanager -def secure_open(path, *l, **kw): +def secure_open(path, mode='r', *l, **kw): if os.path.islink(path): raise SecurityError("The clipboard file can not be a symlink") - with open(path, *l, **kw) as fo: + real_mode = mode + if 'w' in real_mode: + real_mode = real_mode.replace('w', 'a') + with open(path, real_mode, *l, **kw) as fo: if os.fstat(fileno(fo)) != os.stat(path): raise SecurityError("Intrusion might have been done on %s" % path) + if 'w' in mode: + os.lseek(fileno(fo), 0, os.SEEK_SET) + os.ftruncate(fileno(fo), 0) os.fchmod(fileno(fo), 0o600) yield fo |