From eb5f48d46ebb6fa14c831e1c20335b51b9296627 Mon Sep 17 00:00:00 2001
From: Cédric Picard <cedric.picard@efrei.net>
Date: Fri, 9 Dec 2016 14:35:57 +0100
Subject: Revert to using append as it provides better security

Signed-off-by: VG <vg@devys.org>
---
 clip | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/clip b/clip
index f61b751..0bdc35f 100755
--- a/clip
+++ b/clip
@@ -37,12 +37,18 @@ def fileno(filelike):
 
 
 @contextlib.contextmanager
-def secure_open(path, *l, **kw):
+def secure_open(path, mode='r', *l, **kw):
     if os.path.islink(path):
         raise SecurityError("The clipboard file can not be a symlink")
-    with open(path, *l, **kw) as fo:
+    real_mode = mode
+    if 'w' in real_mode:
+        real_mode = real_mode.replace('w', 'a')
+    with open(path, real_mode, *l, **kw) as fo:
         if os.fstat(fileno(fo)) != os.stat(path):
             raise SecurityError("Intrusion might have been done on %s" % path)
+        if 'w' in mode:
+            os.lseek(fileno(fo), 0, os.SEEK_SET)
+            os.ftruncate(fileno(fo), 0)
         os.fchmod(fileno(fo), 0o600)
         yield fo
 
-- 
cgit v1.2.3