changeset | 7e917a237b7a |
---|---|
branch | |
bookmark | |
tag | |
user | Jeff Allen <ja.py@farowl.co.uk> |
description | Restrict accessibility of compiled files (fixes #2044 again). CVE-2013-2027 points out that Jython may be run with umask 0, and then files cached will be world-writable affecting later sessions. #2044 claimed this fixed by other work, but this change fixes the permissions explicitly in the compiler and package manager. |
files | NEWS src/org/python/core/imp.java src/org/python/core/packagecache/CachedJarsPackageManager.java src/org/python/core/util/FileUtil.java |