authorJason R. Coombs <jaraco@jaraco.com>2013-06-24 05:18:05 -0400
committerJason R. Coombs <jaraco@jaraco.com>2013-06-24 05:18:05 -0400
commit7e8c32eeda9db5eab02e30ee4528c8c8674e57c5 (patch)
tree8ebb016bee8675d9cee2cf6a1d41fd67dad5e4ef
parentbe8320718ce02583374df5312502490f0bd7e8a7 (diff)
downloadpython-setuptools-git-7e8c32eeda9db5eab02e30ee4528c8c8674e57c5.tar.gz
Also protect against group-writable files
--HG-- branch : distribute
-rw-r--r--pkg_resources.py5
1 files changed, 3 insertions, 2 deletions
diff --git a/pkg_resources.py b/pkg_resources.py
index 50e4ce9b..69e53ebd 100644
--- a/pkg_resources.py
+++ b/pkg_resources.py
@@ -1015,8 +1015,9 @@ variable to point to an accessible directory.
# bypass the warning.
return
mode = os.stat(path).st_mode
- if mode & stat.S_IWOTH:
- msg = ("%s is writable by others and vulnerable to attack when "
+ if mode & stat.S_IWOTH or mode & stat.S_IWGRP:
+ msg = ("%s is writable by group/others and vulnerable to attack "
+ "when "
"used with get_resource_filename. Consider a more secure "
"location (set with .set_extraction_path or the "
"PYTHON_EGG_CACHE environment variable)." % path)
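Review bot: The test at `if mode & stat.S_IWOTH or mode & stat.S_IWGRP:` looks only at the permission bits of `path` itself, so an extraction directory owned by a different user, or one sitting under a group- or world-writable parent, still passes without a warning. The function starts and ends outside this hunk, so it may already cover that; if it does not, consider also comparing `st_uid` from the same `os.stat` result with the current user on POSIX platforms. The two bit tests also read more clearly as one mask, `if mode & (stat.S_IWOTH | stat.S_IWGRP):`, and the stray `"when "` fragment can be folded into the string literal before it.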