Commits

Jason R. Coombs committed baeb06a

Also protect against group-writable files

  • Participants
  • Parent commits e2ae2f7
  • Branches distribute

Comments (0)

Files changed (1)

File pkg_resources.py

             #  bypass the warning.
             return
         mode = os.stat(path).st_mode
-        if mode & stat.S_IWOTH:
-            msg = ("%s is writable by others and vulnerable to attack when "
+        if mode & stat.S_IWOTH or mode & stat.S_IWGRP:
+            msg = ("%s is writable by group/others and vulnerable to attack "
+                "when "
                 "used with get_resource_filename. Consider a more secure "
                 "location (set with .set_extraction_path or the "
                 "PYTHON_EGG_CACHE environment variable)." % path)