On Mon, Jun 16, 2014 at 01:09:11AM +0200, Simon Ruderich wrote:
> > virtualenvwrapper (4.3-1) unstable; urgency=medium
> > .
> >   * New upstream version.
> >   * upstream changed permissions of created files to safer defaults
> >     (Closes: #745580)
>
> Hello,
>
> I didn't check the source, but what happens to already existing
> files? Will they be chmoded with sane defaults or are existing
> installations still vulnerable?

Existing virtualenvs created by older virtualenvwrapper installations will
still be vulnerable. virtualenvwrapper does not change permissions of already
existing environments. Maybe this could be done in the workon function.

I think this should be done in the upstream code. Doug Hellmann is open for
discussions and accepts patches. Do you have a good idea how to implement
this without a big performance penalty at every workon invocation?

Best regards
Jan Dittberner

-- 
Jan Dittberner - Debian Developer
GPG-key: 4096R/558FB8DD 2009-05-10
         B2FF 1D95 CE8F 7A22 DF4C F09B A73E 0055 558F B8DD
http://portfolio.debian.net/ - http://people.debian.org/~jandd/
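
One way to approach the question raised in this thread, as an added example that is not from the thread or from virtualenvwrapper: check each environment once and record that in a marker file, so later calls cost a single file test. It assumes "unsafe" means group- or world-writable; the function names and the `.perms_checked` marker are hypothetical.

```shell
#!/bin/sh
# Added example, not virtualenvwrapper code.
# Assumption: an "unsafe" entry is one that group or others can write to.

# Hypothetical marker file recording that an environment was already checked.
STAMP_NAME=".perms_checked"

# Print every regular file or directory under $1 that is group- or
# world-writable. Symlinks are skipped: their own mode bits mean nothing.
list_loose_perms() {
    find "$1" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) -print
}

# Remove group/other write bits under $1, at most once per environment.
# Returns 0 if the tree was scanned now, 1 if a trusted marker let us skip
# the scan, 2 if the environment is not owned by the caller.
tighten_env_once() {
    env_dir=$1
    stamp="$env_dir/$STAMP_NAME"

    # Fast path: trust the marker only if it is a real file that we own.
    # A marker planted by another user in a writable tree is ignored.
    if [ -f "$stamp" ] && [ ! -L "$stamp" ] && [ -O "$stamp" ]; then
        return 1
    fi

    # Never chmod trees that belong to someone else.
    [ -O "$env_dir" ] || return 2

    # Slow path, run once: drop write access for group and others.
    find "$env_dir" \( -type f -o -type d \) \
        \( -perm -020 -o -perm -002 \) -exec chmod go-w {} +

    # The directory is no longer writable by others, so replacing any
    # foreign marker and writing our own is safe now.
    rm -f "$stamp"
    ( umask 077 && : > "$stamp" )
    return 0
}
```

Run `list_loose_perms "$WORKON_HOME"` first to see what an existing installation would change. Deleting the marker forces a rescan of that environment.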