diff options
| author | Guido van Rossum <guido@python.org> | 1999-10-18 21:41:43 (GMT) |
|---|---|---|
| committer | Guido van Rossum <guido@python.org> | 1999-10-18 21:41:43 (GMT) |
| commit | dcb8583c180bc9c477f58f77166dc2abbccadc11 (patch) | |
| tree | 33ee5799d5eca4ee3bf2c02901222affb6fe6911 /Lib | |
| parent | 39d4a0237a921d93e879739042f1bcada1e92751 (diff) | |
| download | cpython-dcb8583c180bc9c477f58f77166dc2abbccadc11.zip cpython-dcb8583c180bc9c477f58f77166dc2abbccadc11.tar.gz cpython-dcb8583c180bc9c477f58f77166dc2abbccadc11.tar.bz2 | |
Fix for PR#111: when using the inplace option, give the new file the
same permissions as the old file, plugging a security hole.
(Not using exactly the suggested bugfix.)
Diffstat (limited to 'Lib')
| -rw-r--r-- | Lib/fileinput.py | 18 |
1 files changed, 15 insertions, 3 deletions
diff --git a/Lib/fileinput.py b/Lib/fileinput.py index 2e26b5b..8f73fad 100644 --- a/Lib/fileinput.py +++ b/Lib/fileinput.py @@ -73,7 +73,7 @@ XXX Possible additions: """ -import sys, os +import sys, os, stat _state = None @@ -203,10 +203,22 @@ class FileInput: self._filename + (self._backup or ".bak")) try: os.unlink(self._backupfilename) except os.error: pass - # The next three lines may raise IOError + # The next few lines may raise IOError os.rename(self._filename, self._backupfilename) self._file = open(self._backupfilename, "r") - self._output = open(self._filename, "w") + try: + perm = os.fstat(self._file.fileno())[stat.ST_MODE] + except: + self._output = open(self._filename, "w") + else: + fd = os.open(self._filename, + os.O_CREAT | os.O_WRONLY | os.O_TRUNC, + perm) + self._output = os.fdopen(fd, "w") + try: + os.chmod(self._filename, perm) + except: + pass self._savestdout = sys.stdout sys.stdout = self._output else: |