Message 215026 - Python tracker (original) (raw)

The shell command "umask" calls umask(022) to get the current umask, and then call umask() with result of the first call.

022 is the default umask, it's probably safer to call umask(0o22) in _get_masked_mode() instead of umask(0).

Attached patch makes this change.

If you change something, it should be backported to 3.2, 3.3 and 3.4, because I agree that it affects the security.