Bugtraq mailing list archives
Re: Zip 2,31 bad default file-permissions vulnerability
From: Lupe Christoph <lupe () lupe-christoph de>
Date: Thu, 4 Aug 2005 10:53:55 +0200
Quoting Imran Ghory <imranghory () gmail com>:
A zip file created by Zip 2.3.1 has the permissions 644 by default. Therefore any file compressed becomes world readable.
Zip 2.3 works correctly:

$ (umask 0; zip test.zip feedlist.opml; ls -l test.zip; rm test.zip)
  adding: feedlist.opml (deflated 80%)
-rw-rw-rw- 1 lupe lupe 3156 Aug 4 10:52 test.zip
$ (umask 077; zip test.zip feedlist.opml; ls -l test.zip; rm test.zip)
  adding: feedlist.opml (deflated 80%)
-rw------- 1 lupe lupe 3156 Aug 4 10:52 test.zip

HTH,
Lupe Christoph
--
| lupe () lupe-christoph de | http://www.lupe-christoph.de/ |
| "... putting a mail server on the Internet without filtering is like |
| covering yourself with barbecue sauce and breaking into the Charity |
| Home for Badgers with Rabies. Michael Lucas |
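The umask test in the message above, generalised into a reusable check (an added example, not part of the original post): it runs any file-creating command under a given umask and compares the resulting mode with 0666 masked by that umask, which is the behaviour the two transcripts show for Zip 2.3. The function names are hypothetical, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: verify that a command creates its output file with
# mode (0666 & ~umask) instead of a fixed mode such as 644.

# expected_mode UMASK -> octal mode a umask-respecting tool should produce
expected_mode() {
    printf '%o\n' $(( 0666 & ~0$1 & 0777 ))
}

# file_mode PATH -> permission bits in octal
# (assumes GNU stat; BSD stat would need: stat -f '%Lp')
file_mode() {
    stat -c '%a' "$1"
}

# check_umask_mode UMASK OUTFILE CMD [ARGS...]
# Runs CMD under UMASK in a subshell, then inspects OUTFILE.
# Prints "ok MODE" and returns 0 when the mode matches,
# prints "mismatch MODE (expected MODE)" and returns 1 when it does not,
# returns 2 when CMD fails or OUTFILE was not created.
check_umask_mode() {
    cum_mask=$1
    cum_file=$2
    shift 2
    rm -f "$cum_file"
    ( umask "$cum_mask"; "$@" ) >/dev/null 2>&1 || return 2
    [ -e "$cum_file" ] || return 2
    cum_got=$(file_mode "$cum_file")
    cum_want=$(expected_mode "$cum_mask")
    rm -f "$cum_file"
    if [ "$cum_got" = "$cum_want" ]; then
        echo "ok $cum_got"
        return 0
    fi
    echo "mismatch $cum_got (expected $cum_want)"
    return 1
}

# Usage with the command from the message (requires zip and the input file):
#   check_umask_mode 077 test.zip zip test.zip feedlist.opml
```

A result of "mismatch 644 (expected 600)" under umask 077 corresponds to the behaviour reported for Zip 2.3.1 in the quoted text.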