Message 103617 - Python tracker (original) (raw)

tarfile.open(filename, "w|") creates a tar file with execute permissions set, if filename doesn't exist (i.e. it uses mode 0777 minus the umask). It should instead use mode 0666 minus the umask, which is what happens when using mode "w:..." instead of "w|...".

AFAICT this bug has always been present since the introduction of tarfile in Python 2.3, but it may soon become more noticeable since the new function shutil.make_archive() in Python 2.7 and 3.2 uses tarfile with mode "w|".

I have attached a patch for the trunk.