Re: FileCache: tmp file permission vulnerability.

[paul.szabo () sydney edu au]

Vladimir Lettiev <thecrux () gmail com> wrote:

> > Perl Cache-Cache-1.06 ... stores its default file cache
> > in /tmp with world read/write permissions. ...
>
> This is documented behaviour. You can override insecure default cache
> root and umask with options 'cache_root' and 'directory_umask':
> use Cache::FileCache;
> use File::Temp qw/ tempdir /;
> my $cache = new Cache::FileCache( {
>     'cache_root' => tempdir('CacheXXXXX'),
>     'directory_umask' => 077,
> } );

The default should be secure. Interested people, with intimate knowledge
of inner workings, might go to contortions and change to insecure.

Cheers, Paul

Paul Szabo   psz () maths usyd edu au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/