Plug a security hole.

author Eric S. Raymond <esr@thyrsus.com>

Tue, 20 Jun 2000 18:12:55 +0000 (18:12 -0000)

committer Eric S. Raymond <esr@thyrsus.com>

Tue, 20 Jun 2000 18:12:55 +0000 (18:12 -0000)
author Eric S. Raymond <esr@thyrsus.com>
Tue, 20 Jun 2000 18:12:55 +0000 (18:12 -0000)
committer Eric S. Raymond <esr@thyrsus.com>
Tue, 20 Jun 2000 18:12:55 +0000 (18:12 -0000)
diff --git a/fetchmailconf b/fetchmailconf

index 2577894f753eba050559e845bc7f7b4d0f5b6cb7..d2ee951f18dd4d46f568a1c282ddebc6484c432e 100755 (executable)
--- a/fetchmailconf
+++ b/fetchmailconf
@@ -1831,12 +1831,14 @@ gUSiYASJpMEHhilJTEnhAlGoQqYAZQ1AiqEMZ0jDGtqQImhwwA13yMMevoQAGvGhEAWHGMOAAAA7
      ServerDefaults = Server()
      UserDefaults = User()
  
-    # Read the existing configuration
+    # Read the existing configuration.  We set the umask to 077 to make sure
+    # that group & other read/write permissions are shut off -- we wouldn't
+    # want crackers to snoop password information out of the tempfile.
      tmpfile = "/tmp/fetchmailconf." + `os.getpid()`
      if rcfile:
-        cmd = "fetchmail -f " + rcfile + " --configdump --nosyslog >" + tmpfile
+        cmd = "umask 077; fetchmail -f " + rcfile + " --configdump --nosyslog >" + tmpfile
      else:
-        cmd = "fetchmail --configdump --nosyslog >" + tmpfile
+        cmd = "umask 077; fetchmail --configdump --nosyslog >" + tmpfile
          
      try:
          s = os.system(cmd)
author	Eric S. Raymond <esr@thyrsus.com>
	Tue, 20 Jun 2000 18:12:55 +0000 (18:12 -0000)
committer	Eric S. Raymond <esr@thyrsus.com>
	Tue, 20 Jun 2000 18:12:55 +0000 (18:12 -0000)