authorÉric Araujo <aeric@mtlpy.org>2012-12-08 14:51:47 -0500
committerÉric Araujo <aeric@mtlpy.org>2012-12-08 14:51:47 -0500
commit0bca979e33bd4dca758288e68912c9a763004a62 (patch)
tree47df754daaa4a438ed1695058972b8dc91933910 /config.py
parent993d79149275b17b639aebd6d3ca2eb960ec6876 (diff)
Create ~/.pypirc securely (#13512).
There was a window between the write and the chmod where the user’s password would be exposed, depending on default permissions. Philip Jenvey’s patch fixes it.
Diffstat (limited to 'config.py')
-rw-r--r--config.py11
1 files changed, 1 insertions, 10 deletions
diff --git a/config.py b/config.py
index 5b625f3f..1fd53346 100644
--- a/config.py
+++ b/config.py
@@ -4,7 +4,6 @@ Provides the PyPIRCCommand class, the base class for the command classes
that uses .pypirc in the distutils.command package.
"""
import os
-import sys
from configparser import ConfigParser
from distutils.cmd import Command
@@ -43,16 +42,8 @@ class PyPIRCCommand(Command):
def _store_pypirc(self, username, password):
"""Creates a default .pypirc file."""
rc = self._get_rc_file()
- f = open(rc, 'w')
- try:
+ with os.fdopen(os.open(rc, os.O_CREAT | os.O_WRONLY, 0o600), 'w') as f:
f.write(DEFAULT_PYPIRC % (username, password))
- finally:
- f.close()
- try:
- os.chmod(rc, 0o600)
- except OSError:
- # should do something better here
- pass
def _read_pypirc(self):
"""Reads the .pypirc file."""
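Review bot: The `0o600` mode passed to `os.open` in `_store_pypirc` only takes effect when the call creates the file, so a `.pypirc` that already exists with wider permissions keeps them now that the `os.chmod` fallback is gone, and the password is written into a file others may still be able to read. The new flags also drop the truncation that `open(rc, 'w')` performed: without `os.O_TRUNC`, writing over a longer existing file leaves its old tail, possibly including old credentials, after the new content. I would use `os.open(rc, os.O_CREAT | os.O_WRONLY | os.O_TRUNC, 0o600)` and tighten the mode of a pre-existing file before the write, e.g. `os.chmod(rc, 0o600)` as the first statement inside the `with`. A short comment such as `# mode applies only on creation; create with 0o600 so the password is never readable by others` would also record why `os.fdopen(os.open(...))` is used instead of plain `open`. The method is fully visible in the hunk; the enclosing `PyPIRCCommand` class starts and ends outside it.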