authorJason R. Coombs <jaraco@jaraco.com>2013-06-29 10:23:31 -0400
committerJason R. Coombs <jaraco@jaraco.com>2013-06-29 10:23:31 -0400
commit0d20ce20254e5413074ce909cd9b9dee4313d6b5 (patch)
tree740c2be2977879c469d2a2e271bed62081ea7ddc
parent641eac6550896506fa939205f249bcfb8f057d57 (diff)
parent1ba56e8ddabe69b7837307f260a6b5e2f1c0b7c2 (diff)
downloadpython-setuptools-git-0.6.46.tar.gz
Merge second phase of fix for #375 0.6.46
--HG-- branch : distribute
-rw-r--r--CHANGES.txt8
-rw-r--r--pkg_resources.py26
2 files changed, 34 insertions, 0 deletions
diff --git a/CHANGES.txt b/CHANGES.txt
index ac7f59d1..029e4277 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -3,6 +3,14 @@ CHANGES
=======
------
+0.6.46
+------
+
+* Issue #375: Issue a warning if the PYTHON_EGG_CACHE or otherwise
+ customized egg cache location specifies a directory that's group- or
+ world-writable.
+
+------
0.6.45
------
diff --git a/pkg_resources.py b/pkg_resources.py
index 74acecd5..8f962ebd 100644
--- a/pkg_resources.py
+++ b/pkg_resources.py
@@ -14,6 +14,8 @@ method.
"""
import sys, os, time, re, imp, types, zipfile, zipimport
+import warnings
+import stat
from urlparse import urlparse, urlunparse
try:
@@ -987,6 +989,7 @@ variable to point to an accessible directory.
extract, as it tracks the generated names for possible cleanup later.
"""
extract_path = self.extraction_path or get_default_cache()
+ self._warn_unsafe_extraction(extract_path)
target_path = os.path.join(extract_path, archive_name+'-tmp', *names)
try:
_bypass_ensure_directory(target_path)
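Review bot: The added call `self._warn_unsafe_extraction(extract_path)` does not match the name of the method this commit defines in the next hunk, `warn_unsafe_extraction_path`, so unless an attribute of that name exists outside the visible lines, every call into this method would raise AttributeError instead of warning; it should read `self.warn_unsafe_extraction_path(extract_path)`. The call also sits before `_bypass_ensure_directory(target_path)`, and the helper runs `os.stat(path)`, so a cache directory that has not been created yet would fail with OSError rather than be checked; placing the call after the directory has been ensured avoids that. The enclosing method starts and ends outside this hunk.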
@@ -996,6 +999,29 @@ variable to point to an accessible directory.
self.cached_files[target_path] = 1
return target_path
+ @staticmethod
+ def warn_unsafe_extraction_path(path):
+ """
+ If the default extraction path is overridden and set to an insecure
+ location, such as /tmp, it opens up an opportunity for an attacker to
+ replace an extracted file with an unauthorized payload. Warn the user
+ if a known insecure location is used.
+
+ See Distribute #375 for more details.
+ """
+ if os.name == 'nt' and not path.startswith(os.environ['windir']):
+ # On Windows, permissions are generally restrictive by default
+ # and temp directories are not writable by other users, so
+ # bypass the warning.
+ return
+ mode = os.stat(path).st_mode
+ if mode & stat.S_IWOTH or mode & stat.S_IWGRP:
+ msg = ("%s is writable by group/others and vulnerable to attack "
+ "when "
+ "used with get_resource_filename. Consider a more secure "
+ "location (set with .set_extraction_path or the "
+ "PYTHON_EGG_CACHE environment variable)." % path)
+ warnings.warn(msg, UserWarning)
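Review bot: The test `mode & stat.S_IWOTH or mode & stat.S_IWGRP` examines only the permission bits of the cache directory itself, so a directory owned by a different user, or one located under a group- or world-writable parent, passes without a warning even though it carries the same file-replacement risk the docstring describes. The docstring should state that limit, for example `Only the mode bits of path itself are examined; ownership and parent directories are not checked.`, so callers do not read the absence of a warning as proof the location is safe. On the Windows branch, `os.environ['windir']` raises KeyError when the variable is unset and the `startswith` comparison is case-sensitive, so that lookup should be guarded and the two paths normalised before they are compared.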