mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-09-23 08:53:45 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

Fix for PR#111: when using the inplace option, give the new file the

Browse source 
same permissions as the old file, plugging a security hole.
(Not using exactly the suggested bugfix.)
This commit is contained in:
Guido van Rossum 1999-10-18 21:41:43 +00:00
parent 39d4a0237a
commit dcb8583c18
1 changed files with 15 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

18
Lib/fileinput.py
View file

@ -73,7 +73,7 @@ XXX Possible additions:
""" """
import sys, os import sys, os, stat
_state = None _state = None
@ -203,10 +203,22 @@ class FileInput:
self._filename + (self._backup or ".bak")) self._filename + (self._backup or ".bak"))
try: os.unlink(self._backupfilename) try: os.unlink(self._backupfilename)
except os.error: pass except os.error: pass
# The next three lines may raise IOError # The next few lines may raise IOError
os.rename(self._filename, self._backupfilename) os.rename(self._filename, self._backupfilename)
self._file = open(self._backupfilename, "r") self._file = open(self._backupfilename, "r")
self._output = open(self._filename, "w") try:
perm = os.fstat(self._file.fileno())[stat.ST_MODE]
except:
self._output = open(self._filename, "w")
else:
fd = os.open(self._filename,
os.O_CREAT | os.O_WRONLY | os.O_TRUNC,
perm)
self._output = os.fdopen(fd, "w")
try:
os.chmod(self._filename, perm)
except:
pass
self._savestdout = sys.stdout self._savestdout = sys.stdout
sys.stdout = self._output sys.stdout = self._output
else: else: