authorEric S. Raymond <esr@thyrsus.com>2000-06-20 18:12:55 +0000
committerEric S. Raymond <esr@thyrsus.com>2000-06-20 18:12:55 +0000
commitef3579cb8447cde2050229a20ffd9300c71715ea (patch)
treef0961a20801358cb785f76b61182da05f284fb3c
parentb89d0d9e4c5c7624c369d3d86b69e1568930476a (diff)
Plug a security hole.
svn path=/trunk/; revision=2905
-rwxr-xr-xfetchmailconf8
1 files changed, 5 insertions, 3 deletions
diff --git a/fetchmailconf b/fetchmailconf
index 2577894f..d2ee951f 100755
--- a/fetchmailconf
+++ b/fetchmailconf
@@ -1831,12 +1831,14 @@ gUSiYASJpMEHhilJTEnhAlGoQqYAZQ1AiqEMZ0jDGtqQImhwwA13yMMevoQAGvGhEAWHGMOAAAA7
ServerDefaults = Server()
UserDefaults = User()
- # Read the existing configuration
+ # Read the existing configuration. We set the umask to 077 to make sure
+ # that group & other read/write permissions are shut off -- we wouldn't
+ # want crackers to snoop password information out of the tempfile.
tmpfile = "/tmp/fetchmailconf." + `os.getpid()`
if rcfile:
- cmd = "fetchmail -f " + rcfile + " --configdump --nosyslog >" + tmpfile
+ cmd = "umask 077; fetchmail -f " + rcfile + " --configdump --nosyslog >" + tmpfile
else:
- cmd = "fetchmail --configdump --nosyslog >" + tmpfile
+ cmd = "umask 077; fetchmail --configdump --nosyslog >" + tmpfile
try:
s = os.system(cmd)
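Review bot: The `umask 077` prefix only takes effect when the shell's `>` redirect actually creates `tmpfile`. The name is still the predictable `"/tmp/fetchmailconf." + pid`, so a file or link already present at that path is opened as-is, keeps its existing owner and mode, and the configuration dump (including passwords) lands wherever it points. The file should be created exclusively before the command runs, for example `fd = os.open(tmpfile, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0600)`, aborting if that fails. Alternatively the `--configdump` output could be read over a pipe so nothing is written to `/tmp` at all. Separately, `rcfile` is concatenated into the shell command unquoted in the `if rcfile:` branch; where it comes from is not visible here, but if it can carry user-supplied text it should be quoted or passed without a shell. The enclosing function starts and continues outside this hunk, so the later read and cleanup of `tmpfile` were not reviewed.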