oss-sec mailing list archives
Re: CVE request: psi+ stores the cache file as world-readable
From: Agostino Sarubbo <ago () gentoo org>
Date: Wed, 27 Feb 2013 10:20:33 +0100
On Wednesday 27 February 2013 07:41:28 gremlin () gremlin ru wrote:
That's normal - users' home directories are normally accessible only by users themselves, and never by othe users: gremlin@hren:~ > ls -ld . drwx-----x 47 gremlin users 20480 2013-02-26 17:48 ./
The default permission for the home is not 0700, but is 0755. So, for the stuff that resides in .cache which should always be .0700, is ok, for the stuff in e.g. .config the problem exist because it is 0755. -- Agostino Sarubbo Gentoo Linux Developer
Current thread:
- CVE request: psi+ stores the cache file as world-readable Agostino Sarubbo (Feb 26)
- Re: CVE request: psi+ stores the cache file as world-readable Seth Arnold (Feb 26)
- Re: CVE request: psi+ stores the cache file as world-readable Agostino Sarubbo (Feb 26)
- Re: CVE request: psi+ stores the cache file as world-readable Kurt Seifried (Feb 26)
- Re: CVE request: psi+ stores the cache file as world-readable gremlin (Feb 26)
- Re: CVE request: psi+ stores the cache file as world-readable Russ Allbery (Feb 26)
- Re: CVE request: psi+ stores the cache file as world-readable gremlin (Feb 26)
- Re: CVE request: psi+ stores the cache file as world-readable Agostino Sarubbo (Feb 27)
- Re: CVE request: psi+ stores the cache file as world-readable Russ Allbery (Feb 26)
- Re: CVE request: psi+ stores the cache file as world-readable Seth Arnold (Feb 26)