From 4935b951b3e1a6aae107c7d04830c0ffc63aaf52 Mon Sep 17 00:00:00 2001
From: Mark Sapiro <mark@msapiro.net>
Date: Fri, 6 Jun 2014 13:27:44 -0700
Subject: Mailman's log files, request.pck files and heldmsg-* files are no
 longer created world readable to protect against access by untrusted local
 users.

---
 Mailman/ListAdmin.py      | 4 ++--
 Mailman/Logging/Logger.py | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

(limited to 'Mailman')

diff --git a/Mailman/ListAdmin.py b/Mailman/ListAdmin.py
index a4edfbba..877aa5c4 100755
--- a/Mailman/ListAdmin.py
+++ b/Mailman/ListAdmin.py
@@ -101,7 +101,7 @@ class ListAdmin:
             # should we be as paranoid as for the config.pck file?  Should we
             # use pickle?
             tmpfile = self.__filename + '.tmp'
-            omask = os.umask(002)
+            omask = os.umask(007)
             try:
                 fp = open(tmpfile, 'w')
                 try:
@@ -194,7 +194,7 @@ class ListAdmin:
         else:
             ext = 'txt'
         filename = 'heldmsg-%s-%d.%s' % (self.internal_name(), id, ext)
-        omask = os.umask(002)
+        omask = os.umask(007)
         try:
             fp = open(os.path.join(mm_cfg.DATA_DIR, filename), 'w')
             try:
diff --git a/Mailman/Logging/Logger.py b/Mailman/Logging/Logger.py
index 617347d4..f3d30164 100644
--- a/Mailman/Logging/Logger.py
+++ b/Mailman/Logging/Logger.py
@@ -60,7 +60,7 @@ class Logger:
             return self.__fp
         else:
             try:
-                ou = os.umask(002)
+                ou = os.umask(007)
                 try:
                     try:
                         f = codecs.open(
-- 
cgit v1.2.3