Create ~/.pypirc securely (#13512).

There was a window between the write and the chmod where the user’s password would be exposed, depending on default permissions. Philip Jenvey’s patch fixes it.

Create ~/.pypirc securely (#13512).
There was a window between the write and the chmod where the user’s password would be exposed, depending on default permissions. Philip Jenvey’s patch fixes it.
3facc550 · Éric Araujo · 885b0922 · 3facc550
Commit 3facc550 authored Jul 03, 2012 by Éric Araujo
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

config.py config.py +1 -1

No files found.
--- a/config.py
+++ b/config.py
@@ -42,7 +42,7 @@ class PyPIRCCommand(Command):
    def _store_pypirc(self, username, password):
        """Creates a default .pypirc file."""
        rc = self._get_rc_file()
-        f = open(rc, 'w')
+        f = os.fdopen(os.open(rc, os.O_CREAT | os.O_WRONLY, 0600), 'w')
        try:
            f.write(DEFAULT_PYPIRC % (username, password))
        finally: