author | Matthias Andree <matthias.andree@gmx.de> | 2005-09-28 01:14:27 +0000 |
---|---|---|
committer | Matthias Andree <matthias.andree@gmx.de> | 2005-09-28 01:14:27 +0000 |
commit | add1ce76189c5c230abeffab2c6496feff3d7bef (patch) | |
tree | c8ddfbcd39b9445da4ea3e7a4ef9431c530a0338 | |
parent | a2cc9f308c8f2eaa3d1a2e92e9d5451cd87ba330 (diff) | |
SECURITY FIX: chmod the file to 0600 *before* writing to it, so passwords
aren't exposed, and set umask 077 before opening the file to be extra
safe. Configuration files larger than the Python default write buffer
might otherwise be exposed to other users.
Fix: Don't crash on saving the configuration if protocol is "auto".
Fix: Split authlist button bar in two rows.
Change: The configuration file comment now contains the fetchmailconf
version.
Change: Bump version to 1.49.
svn path=/trunk/; revision=4351
-rwxr-xr-x | fetchmailconf.py | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/fetchmailconf.py b/fetchmailconf.py index c18dba84..1faf9b78 100755 --- a/fetchmailconf.py +++ b/fetchmailconf.py @@ -5,7 +5,7 @@ # Matthias Andree <matthias.andree@gmx.de> # Requires Python with Tkinter, and the following OS-dependent services: # posix, posixpath, socket -version = "1.48" +version = "1.49" from Tkinter import * from Dialog import * @@ -132,7 +132,7 @@ class Server: res = res + (" via " + str(self.via) + "\n"); if self.protocol != ServerDefaults.protocol: res = res + " with proto " + self.protocol - if self.service and self.service != defaultports[self.protocol] and self.service != ianaservices[defaultports[self.protocol]]: + if self.protocol and self.service != defaultports[self.protocol] and defaultports[self.protocol] and self.service != ianaservices[defaultports[self.protocol]]: res = res + " service " + self.service if self.timeout != ServerDefaults.timeout: res = res + " timeout " + `self.timeout` @@ -434,7 +434,7 @@ defaultports = {"auto":None, "ODMR":"odmr"} authlist = ("any", "password", "gssapi", "kerberos", "ssh", "otp", - "msn", "ntlm") + "msn", "ntlm") listboxhelp = { 'title' : 'List Selection Help', @@ -870,14 +870,17 @@ class ConfigurationEdit(Frame, MyWidget): # Pre-1.5.2 compatibility... except os.error: pass + oldumask = os.umask(077) fm = open(self.outfile, 'w') + os.umask(oldumask) if fm: - fm.write("# Configuration created %s by fetchmailconf\n" % time.ctime(time.time())) + # be paranoid + if fm != sys.stdout: + os.chmod(self.outfile, 0600) + fm.write("# Configuration created %s by fetchmailconf %s\n" % (time.ctime(time.time()), version)) fm.write(`self.configuration`) if self.outfile: fm.close() - if fm != sys.stdout: - os.chmod(self.outfile, 0600) self.destruct() # 
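Review bot: The rewritten condition in `Server` (the line after `with proto`) no longer tests `self.service` itself, so a server with a protocol set but no service can reach `res + " service " + self.service`. If `self.service` can be None at that point, saving raises a TypeError, and if it is an empty string a bare `service` keyword is written to the configuration; the attribute's default is not visible in this hunk. Keeping the original guard next to the new ones avoids both: `if self.service and self.protocol and defaultports[self.protocol] and self.service != defaultports[self.protocol] and self.service != ianaservices[defaultports[self.protocol]]:`. The enclosing method starts and ends outside the hunk.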
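Review bot: In the `ConfigurationEdit` save path, `os.chmod(self.outfile, 0600)` still acts on the path rather than on the file that was just opened, and the `os.umask(077)` call only affects a file that `open()` creates. For an existing file, or if the path can be replaced between `open` and `chmod` (for instance in a directory other users can write to), the mode change may land on a different object than the one that receives the passwords. Creating the descriptor with an explicit mode removes that window: `fd = os.open(self.outfile, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0600)` followed by `fm = os.fdopen(fd, 'w')`, with `os.fchmod(fd, 0600)` on the descriptor where the Python version provides it. The `os.umask(oldumask)` restore should also sit in a `finally:` so a failing `open()` does not leave the process umask changed. The enclosing method begins and ends outside the hunk.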
@@ -1175,7 +1178,7 @@ class ServerEdit(Frame, MyWidget): Label(secwin, text="Security").pack(side=TOP) # Don't actually let users set this. KPOP sets it implicitly ButtonBar(secwin, 'Authorization mode:', - self.auth, authlist, 1, None).pack(side=TOP) + self.auth, authlist, 2, None).pack(side=TOP) if os_type == 'linux' or os_type == 'freebsd' or 'interface' in dictmembers: LabeledEntry(secwin, 'IP range to check before poll:', self.interface, leftwidth).pack(side=TOP, fill=X) |