Create ~/.pypirc securely (#13512).

There was a window between the write and the chmod where the user’s password would be exposed, depending on default permissions. Philip Jenvey’s patch fixes it.
author: Éric Araujo <merwok@netwok.org> 2012-07-03 05:23:46 (GMT)
committer: Éric Araujo <merwok@netwok.org> 2012-07-03 05:23:46 (GMT)
commit: e5567ccc863cadb68f5e57a2760e021e0d3807cf (patch)
tree: 9fd8efdce5aa24773b4aa1682b3f1204cef1b524 /Lib/distutils
parent: 9e06e37be0afb8503da29c72b19179e3da25fb87 (diff)
download: cpython-e5567ccc863cadb68f5e57a2760e021e0d3807cf.zip
cpython-e5567ccc863cadb68f5e57a2760e021e0d3807cf.tar.gz
cpython-e5567ccc863cadb68f5e57a2760e021e0d3807cf.tar.bz2
1 files changed, 1 insertions, 1 deletions
diff --git a/Lib/distutils/config.py b/Lib/distutils/config.py
index afa403f..9d8b30e 100644
--- a/Lib/distutils/config.py
+++ b/Lib/distutils/config.py
@@ -42,7 +42,7 @@ class PyPIRCCommand(Command):
     def _store_pypirc(self, username, password):
         """Creates a default .pypirc file."""
         rc = self._get_rc_file()
-        f = open(rc, 'w')
+        f = os.fdopen(os.open(rc, os.O_CREAT | os.O_WRONLY, 0600), 'w')
         try:
             f.write(DEFAULT_PYPIRC % (username, password))
         finally:
author	Éric Araujo <merwok@netwok.org>	2012-07-03 05:23:46 (GMT)
committer	Éric Araujo <merwok@netwok.org>	2012-07-03 05:23:46 (GMT)
commit	e5567ccc863cadb68f5e57a2760e021e0d3807cf (patch)
tree	9fd8efdce5aa24773b4aa1682b3f1204cef1b524 /Lib/distutils
parent	9e06e37be0afb8503da29c72b19179e3da25fb87 (diff)
download	cpython-e5567ccc863cadb68f5e57a2760e021e0d3807cf.zip cpython-e5567ccc863cadb68f5e57a2760e021e0d3807cf.tar.gz cpython-e5567ccc863cadb68f5e57a2760e021e0d3807cf.tar.bz2