Full Disclosure mailing list archives
Re: FileCache: tmp file permission vulnerability.
From: paul.szabo () sydney edu au
Date: Sat, 3 Apr 2010 17:35:24 +1100
Vladimir Lettiev <thecrux () gmail com> wrote:
Perl Cache-Cache-1.06 ... stores its default file cache in /tmp with world read/write permissions. ...This is documented behaviour. You can override insecure default cache root and umask with options 'cache_root' and 'directory_umask': use Cache::FileCache; use File::Temp qw/ tempdir /; my $cache = new Cache::FileCache( { 'cache_root' => tempdir('CacheXXXXX'), 'directory_umask' => 077, } );
The default should be secure. Interested people, with intimate knowledge of inner workings, might go to contortions and change to insecure. Cheers, Paul Paul Szabo psz () maths usyd edu au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- FileCache: tmp file permission vulnerability. bugs lists (Apr 02)
- Re: FileCache: tmp file permission vulnerability. Vladimir Lettiev (Apr 02)
- Re: FileCache: tmp file permission vulnerability. paul . szabo (Apr 02)
- Re: FileCache: tmp file permission vulnerability. Vladimir Lettiev (Apr 02)