From ef3579cb8447cde2050229a20ffd9300c71715ea Mon Sep 17 00:00:00 2001
From: "Eric S. Raymond"
Date: Tue, 20 Jun 2000 18:12:55 +0000
Subject: Plug a security hole.
svn path=/trunk/; revision=2905
---
 fetchmailconf | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
(limited to 'fetchmailconf')
diff --git a/fetchmailconf b/fetchmailconf
index 2577894f..d2ee951f 100755
--- a/fetchmailconf
+++ b/fetchmailconf
@@ -1831,12 +1831,14 @@ gUSiYASJpMEHhilJTEnhAlGoQqYAZQ1AiqEMZ0jDGtqQImhwwA13yMMevoQAGvGhEAWHGMOAAAA7
 ServerDefaults = Server()
 UserDefaults = User()
- # Read the existing configuration
+ # Read the existing configuration. We set the umask to 077 to make sure
+ # that group & other read/write permissions are shut off -- we wouldn't
+ # want crackers to snoop password information out of the tempfile.
 tmpfile = "/tmp/fetchmailconf." + `os.getpid()`
 if rcfile:
- cmd = "fetchmail -f " + rcfile + " --configdump --nosyslog >" + tmpfile
+ cmd = "umask 077; fetchmail -f " + rcfile + " --configdump --nosyslog >" + tmpfile
 else:
- cmd = "fetchmail --configdump --nosyslog >" + tmpfile
+ cmd = "umask 077; fetchmail --configdump --nosyslog >" + tmpfile
 try:
 s = os.system(cmd)
--
cgit v1.2.3
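Review bot: The `umask 077` prefix only restricts a file that the shell redirect itself creates; if `/tmp/fetchmailconf.<pid>` already exists or is a symlink, `>` opens whatever is there with its current owner and mode, so the password dump can still end up somewhere another local user can read. Because the name is predictable from the pid, the file should be created exclusively before the command runs, e.g. `fd = os.open(tmpfile, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0600); os.close(fd)`, with the run aborted if that raises (or `tempfile.mkstemp()` where the Python version provides it). Separately, `rcfile` is concatenated unquoted into the string handed to `os.system` on the `if rcfile:` branch; its origin is outside this hunk, but if it comes from the command line it should be quoted or passed as an argument list rather than through a shell. The `try:` block and the enclosing code continue past the hunk, so whether the tempfile is removed on every exit path cannot be checked from here.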