oss-sec mailing list archives

Re: CVE request: psi+ stores the cache file as world-readable

From: Seth Arnold <seth.arnold () canonical com>
Date: Tue, 26 Feb 2013 14:27:23 -0800

On Tue, Feb 26, 2013 at 11:04:24PM +0100, Agostino Sarubbo wrote:

Psi+, a fork of psi, stores its files in ~/.cache/psi+ as world-readable.

~/.cache $ ls -la psi+/
total 52
drwxr-xr-x 5 ago ago  4096 feb 25 09:41 .
drwx------ 5 ago ago  4096 feb 24 23:58 ..


It appears my ~/.cache and your ~/.cache are mode 0700. Directories
underneath are already unaccessible by other users, except if one of your
programs passes a filedescriptor to a directory to another user's process
(say, cwd is in ~/.cache/psi+ and then executes a setuid program, or
uses unix(7) SCM_RIGHTS to pass a directory file descriptor to another
program).

Are there environments where ~/.cache isn't 0700 by default?

Thanks

Attachment: signature.asc
Description: Digital signature

Current thread:

CVE request: psi+ stores the cache file as world-readable Agostino Sarubbo (Feb 26)
- Re: CVE request: psi+ stores the cache file as world-readable Seth Arnold (Feb 26)
  - Re: CVE request: psi+ stores the cache file as world-readable Agostino Sarubbo (Feb 26)
  - Re: CVE request: psi+ stores the cache file as world-readable Kurt Seifried (Feb 26)
- Re: CVE request: psi+ stores the cache file as world-readable gremlin (Feb 26)
  - Re: CVE request: psi+ stores the cache file as world-readable Russ Allbery (Feb 26)
    - Re: CVE request: psi+ stores the cache file as world-readable gremlin (Feb 26)
  - Re: CVE request: psi+ stores the cache file as world-readable Agostino Sarubbo (Feb 27)