From add1ce76189c5c230abeffab2c6496feff3d7bef Mon Sep 17 00:00:00 2001
From: Matthias Andree
Date: Wed, 28 Sep 2005 01:14:27 +0000
Subject: SECURITY FIX: chmod the file to 0600 *before* writing to it, so passwords aren't exposed, and set umask 077 before opening the file to be extra safe. Configuration files larger than the Python default write buffer might otherwise be exposed to other users. Fix: Don't crash on saving the configuration if protocol is "auto". Fix: Split authlist button bar in two rows. Change: The configuration file comment now contains the fetchmailconf version. Change: Bump version to 1.49.
svn path=/trunk/; revision=4351
---
fetchmailconf.py | 17 ++++++++++-------
1 file changed, 10 insertions(+), 7 deletions(-)
(limited to 'fetchmailconf.py')
diff --git a/fetchmailconf.py b/fetchmailconf.py
index c18dba84..1faf9b78 100755
--- a/fetchmailconf.py
+++ b/fetchmailconf.py
@@ -5,7 +5,7 @@
 # Matthias Andree
 # Requires Python with Tkinter, and the following OS-dependent services:
 # posix, posixpath, socket
-version = "1.48"
+version = "1.49"
 from Tkinter import *
 from Dialog import *
@@ -132,7 +132,7 @@ class Server:
 res = res + (" via " + str(self.via) + "\n");
 if self.protocol != ServerDefaults.protocol:
 res = res + " with proto " + self.protocol
- if self.service and self.service != defaultports[self.protocol] and self.service != ianaservices[defaultports[self.protocol]]:
+ if self.protocol and self.service != defaultports[self.protocol] and defaultports[self.protocol] and self.service != ianaservices[defaultports[self.protocol]]:
 res = res + " service " + self.service
 if self.timeout != ServerDefaults.timeout:
 res = res + " timeout " + `self.timeout`
@@ -434,7 +434,7 @@ defaultports = {"auto":None,
 "ODMR":"odmr"}
 authlist = ("any", "password", "gssapi", "kerberos", "ssh", "otp",
- "msn", "ntlm")
+ "msn", "ntlm")
 listboxhelp = {
 'title' : 'List Selection Help',
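Review bot: In the `@@ -132,7 +132,7 @@` hunk the rewritten condition drops the `self.service` test, so an unset service can reach `res + " service " + self.service`, and with protocol "auto" an explicitly configured service is now silently left out of the written configuration because `defaultports[self.protocol]` is None. Keeping the old guard and skipping only the IANA lookup when there is no default port would cover both cases: `default = defaultports.get(self.protocol)` followed by `if self.service and self.service != default and (not default or self.service != ianaservices[default]):`. The enclosing method starts and ends outside the hunk, so whether `self.service` can actually be None or empty at this point is an assumption to confirm.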
@@ -870,14 +870,17 @@ class ConfigurationEdit(Frame, MyWidget):
 # Pre-1.5.2 compatibility...
 except os.error:
 pass
+ oldumask = os.umask(077)
 fm = open(self.outfile, 'w')
+ os.umask(oldumask)
 if fm:
- fm.write("# Configuration created %s by fetchmailconf\n" % time.ctime(time.time()))
+ # be paranoid
+ if fm != sys.stdout:
+ os.chmod(self.outfile, 0600)
+ fm.write("# Configuration created %s by fetchmailconf %s\n" % (time.ctime(time.time()), version))
 fm.write(`self.configuration`)
 if self.outfile:
 fm.close()
- if fm != sys.stdout:
- os.chmod(self.outfile, 0600)
 self.destruct()
 #
@@ -1175,7 +1178,7 @@ class ServerEdit(Frame, MyWidget):
 Label(secwin, text="Security").pack(side=TOP)
 # Don't actually let users set this. KPOP sets it implicitly
 ButtonBar(secwin, 'Authorization mode:',
- self.auth, authlist, 1, None).pack(side=TOP)
+ self.auth, authlist, 2, None).pack(side=TOP)
 if os_type == 'linux' or os_type == 'freebsd' or 'interface' in dictmembers:
 LabeledEntry(secwin, 'IP range to check before poll:',
 self.interface, leftwidth).pack(side=TOP, fill=X)
-- 
cgit v1.2.3
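Review bot: In the `@@ -870,14 +870,17 @@` hunk, `os.umask(077)` and the early `os.chmod(self.outfile, 0600)` only protect a file that `open()` has just created. If `self.outfile` already exists with looser permissions (this looks possible when the step above the hunk fails and its `os.error` is swallowed), `open(..., 'w')` keeps the old mode, and a descriptor opened before the chmod still sees the passwords written afterwards. Writing to a fresh name in the same directory, created with `os.open(tmpname, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0600)` and wrapped by `os.fdopen(fd, 'w')`, then `os.rename(tmpname, self.outfile)` after `fm.close()`, would close that case and remove the path-based chmod; `tmpname` is a placeholder here. Separately, `os.umask(oldumask)` is skipped when `open()` raises, so the restore belongs in a `try`/`finally` around the open. The enclosing method starts and ends outside the hunk, so the stdout branch and the exact nesting are not visible.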