Stowage/cpython
2
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2026-01-07 07:52:29 +00:00
Code Issues Projects Releases Packages Wiki Activity
cpython/Misc
History
Łukasz Langa 2084f9479c
[3.11] gh-79096: Protect cookie file created by {LWP,Mozilla}CookieJar.save() (GH-93463) (GH-93636) 
Note: This change is not effective on Microsoft Windows.

Cookies can store sensitive information and should therefore be protected
against unauthorized third parties. This is also described in issue #79096.

The filesystem permissions are currently set to 644, everyone can read the
file. This commit changes the permissions to 600, only the creater of the file
can read and modify it. This improves security, because it reduces the attack
surface. Now the attacker needs control of the user that created the cookie or
a ways to circumvent the filesystems permissions.

This change is backwards incompatible. Systems that rely on world-readable
cookies will breake. However, one could argue that those are misconfigured in
the first place.

Co-authored-by: Łukasz Langa <lukasz@langa.pl>
Co-authored-by: Pascal Wittmann <mail@pascal-wittmann.de>
Co-authored-by: Christian Heimes <christian@python.org>
2022-06-09 16:16:37 +02:00
..
NEWS.d [3.11] gh-79096: Protect cookie file created by {LWP,Mozilla}CookieJar.save() (GH-93463) (GH-93636) 2022-06-09 16:16:37 +02:00
ACKS gh-57539: Increase calendar test coverage (GH-93468) (GH-93564) 2022-06-07 12:21:04 +02:00
coverity_model.c bpo-35808: Retire pgen and use pgen2 to generate the parser (GH-11814) 2019-03-01 15:34:44 -08:00
gdbinit gdbinit: Use proper define syntax (GH-19557) 2020-04-23 05:49:26 -07:00
HISTORY Fixed typos (GH-29211) 2021-10-28 21:39:27 +02:00
indent.pro
Porting bpo-30737: Update DevGuide links to new URL (GH-3228) 2017-08-30 09:37:43 -07:00
python-config.in bpo-38468 : Refactor python-config (#16749) 2019-10-15 11:18:47 -03:00
python-config.sh.in bpo-37925: Mention --embed in python-config usage (GH-15458) 2019-08-26 23:45:36 +02:00
python-embed.pc.in bpo-36721: Add --embed option to python-config (GH-13500) 2019-05-23 03:30:23 +02:00
python.man gh-93217: fix some issues in man page and --help (GH-93219) 2022-05-26 07:53:20 -07:00
python.pc.in bpo-36721: Add --embed option to python-config (GH-13500) 2019-05-23 03:30:23 +02:00
README bpo-23469: Delete Wing IDE configuration files (GH-30067) 2021-12-14 15:01:13 +02:00
README.AIX bpo-42087: Remove support for AIX 5.3 and below (GH-22830) 2020-11-16 16:16:10 +01:00
README.coverity
README.valgrind closes docs: remove references to Py_USING_MEMORY_DEBUGGER (GH-30284) 2021-12-29 16:20:42 -06:00
requirements-test.txt Update tzdata to 2020.3 (GH-22856) 2020-10-21 06:40:43 -07:00
SpecialBuilds.txt gh-78607: Replace __ltrace__ with __lltrace__ (GH-91619) 2022-04-16 18:57:00 -04:00
stable_abi.toml gh-91324: Convert the stable ABI manifest to TOML (GH-92026) 2022-04-29 16:18:08 +02:00
svnmap.txt bpo-32159: Revert Misc/svnmap.txt (#4639) 2017-11-29 18:58:33 +01:00
valgrind-python.supp bpo-35561: Supress valgrind false alarm on epoll_ctl(event) (GH-18060) 2020-01-19 23:38:37 +01:00
vgrindefs

README 

Python Misc subdirectory
========================

This directory contains files that wouldn't fit in elsewhere.  Some
documents are only of historic importance.

Files found here
----------------

ACKS                    Acknowledgements
gdbinit                 Handy stuff to put in your .gdbinit file, if you use gdb
HISTORY                 News from previous releases -- oldest last
indent.pro              GNU indent profile approximating my C style
NEWS                    News for this release (for some meaning of "this")
Porting                 Mini-FAQ on porting to new platforms
python-config.in        Python script template for python-config
python.man              UNIX man page for the python interpreter
python.pc.in            Package configuration info template for pkg-config
README                  The file you're reading now
README.AIX              Information about using Python on AIX
README.coverity         Information about running Coverity's Prevent on Python
README.valgrind         Information for Valgrind users, see valgrind-python.supp
SpecialBuilds.txt       Describes extra symbols you can set for debug builds
svnmap.txt              Map of old SVN revs and branches to hg changeset ids,
                        help history-digging
valgrind-python.supp    Valgrind suppression file, see README.valgrind
vgrindefs               Python configuration for vgrind (a generic pretty printer)