aboutsummaryrefslogtreecommitdiffstats
path: root/fetchmailconf
diff options
context:
space:
mode:
authorEric S. Raymond <esr@thyrsus.com>2000-06-20 18:12:55 +0000
committerEric S. Raymond <esr@thyrsus.com>2000-06-20 18:12:55 +0000
commitef3579cb8447cde2050229a20ffd9300c71715ea (patch)
treef0961a20801358cb785f76b61182da05f284fb3c /fetchmailconf
parentb89d0d9e4c5c7624c369d3d86b69e1568930476a (diff)
downloadfetchmail-ef3579cb8447cde2050229a20ffd9300c71715ea.tar.gz
fetchmail-ef3579cb8447cde2050229a20ffd9300c71715ea.tar.bz2
fetchmail-ef3579cb8447cde2050229a20ffd9300c71715ea.zip
Plug a security hole.
svn path=/trunk/; revision=2905
Diffstat (limited to 'fetchmailconf')
-rwxr-xr-xfetchmailconf8
1 files changed, 5 insertions, 3 deletions
diff --git a/fetchmailconf b/fetchmailconf
index 2577894f..d2ee951f 100755
--- a/fetchmailconf
+++ b/fetchmailconf
@@ -1831,12 +1831,14 @@ gUSiYASJpMEHhilJTEnhAlGoQqYAZQ1AiqEMZ0jDGtqQImhwwA13yMMevoQAGvGhEAWHGMOAAAA7
ServerDefaults = Server()
UserDefaults = User()
- # Read the existing configuration
+ # Read the existing configuration. We set the umask to 077 to make sure
+ # that group & other read/write permissions are shut off -- we wouldn't
+ # want crackers to snoop password information out of the tempfile.
tmpfile = "/tmp/fetchmailconf." + `os.getpid()`
if rcfile:
- cmd = "fetchmail -f " + rcfile + " --configdump --nosyslog >" + tmpfile
+ cmd = "umask 077; fetchmail -f " + rcfile + " --configdump --nosyslog >" + tmpfile
else:
- cmd = "fetchmail --configdump --nosyslog >" + tmpfile
+ cmd = "umask 077; fetchmail --configdump --nosyslog >" + tmpfile
try:
s = os.system(cmd)