Sophie

Sophie

distrib > Mageia > 5 > i586 > by-pkgid > 5ab8422a74faa53d6be4c57162f2ef27 > files > 4

jython-2.2.1-18.mga5.src.rpm

From 517883617472d53c3346ad419f0af42a7dd83705 Mon Sep 17 00:00:00 2001
From: Lubomir Rintel <lubo.rintel@gooddata.com>
Date: Wed, 3 Apr 2013 18:24:46 +0200
Subject: [PATCH 1/3] Make cache not accessible by anyone else

Sensitive information might be being cached or umask can be too relaxed,
allowing writes.
---
 src/org/python/core/CachedJarsPackageManager.java | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/org/python/core/CachedJarsPackageManager.java b/src/org/python/core/CachedJarsPackageManager.java
index 6953136..764f2f3 100644
--- a/src/org/python/core/CachedJarsPackageManager.java
+++ b/src/org/python/core/CachedJarsPackageManager.java
@@ -587,6 +587,12 @@ public abstract class CachedJarsPackageManager extends PackageManager {
             return false;
         }
 
+        aCachedir1.setReadable(false, false);
+        aCachedir1.setWritable(false, false);
+        aCachedir1.setExecutable(false, false);
+        aCachedir1.setReadable(true, true);
+        aCachedir1.setWritable(true, true);
+        aCachedir1.setExecutable(true, true);
         this.cachedir = aCachedir1;
 
         return true;
-- 
1.8.3.1

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional