diff options
| author | Mark Sapiro <mark@msapiro.net> | 2014-06-06 13:27:44 -0700 |
|---|---|---|
| committer | Mark Sapiro <mark@msapiro.net> | 2014-06-06 13:27:44 -0700 |
| commit | 4935b951b3e1a6aae107c7d04830c0ffc63aaf52 (patch) | |
| tree | b05fb27e4e9ecfd3b04eb6aed5fc5270d9329d32 /Mailman/ListAdmin.py | |
| parent | 1bbdb3ac38c2ee6f3704694c49069d7d4e383ae3 (diff) | |
| download | mailman2-4935b951b3e1a6aae107c7d04830c0ffc63aaf52.tar.gz mailman2-4935b951b3e1a6aae107c7d04830c0ffc63aaf52.tar.xz mailman2-4935b951b3e1a6aae107c7d04830c0ffc63aaf52.zip | |
Mailman's log files, request.pck files and heldmsg-* files are no
longer created world readable to protect against access by untrusted
local users.
Diffstat (limited to 'Mailman/ListAdmin.py')
| -rwxr-xr-x | Mailman/ListAdmin.py | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/Mailman/ListAdmin.py b/Mailman/ListAdmin.py index a4edfbba..877aa5c4 100755 --- a/Mailman/ListAdmin.py +++ b/Mailman/ListAdmin.py @@ -101,7 +101,7 @@ class ListAdmin: # should we be as paranoid as for the config.pck file? Should we # use pickle? tmpfile = self.__filename + '.tmp' - omask = os.umask(002) + omask = os.umask(007) try: fp = open(tmpfile, 'w') try: @@ -194,7 +194,7 @@ class ListAdmin: else: ext = 'txt' filename = 'heldmsg-%s-%d.%s' % (self.internal_name(), id, ext) - omask = os.umask(002) + omask = os.umask(007) try: fp = open(os.path.join(mm_cfg.DATA_DIR, filename), 'w') try: |