oss-sec mailing list archives
Re: CVE request: psi+ stores the cache file as world-readable
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 26 Feb 2013 23:28:16 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 02/26/2013 03:27 PM, Seth Arnold wrote:
On Tue, Feb 26, 2013 at 11:04:24PM +0100, Agostino Sarubbo wrote:Psi+, a fork of psi, stores its files in ~/.cache/psi+ as world-readable. ~/.cache $ ls -la psi+/ total 52 drwxr-xr-x 5 ago ago 4096 feb 25 09:41 . drwx------ 5 ago ago 4096 feb 24 23:58 ..It appears my ~/.cache and your ~/.cache are mode 0700. Directories underneath are already unaccessible by other users, except if one of your programs passes a filedescriptor to a directory to another user's process (say, cwd is in ~/.cache/psi+ and then executes a setuid program, or uses unix(7) SCM_RIGHTS to pass a directory file descriptor to another program). Are there environments where ~/.cache isn't 0700 by default? Thanks
In general if a program respects umask and creates files in ~/ then it's really unlikely that I'm going to assign a CVE for it unless it's something really significant like say an SSH client creating keys or similar. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAEBAgAGBQJRLaeAAAoJEBYNRVNeJnmTP5cQANiJhZ4ShyxtFp0r5xTo79AH g6XtO9Ruof0Qf3cNXbpK5zMV8Y2wAWknYIxH8clljpl8C+jUx6+27r99FTJRPShN YDzcLDH3H7n65wcNGGaqqU3qqmXTI30lbixcNHFBoeI0NsxMQDgL6tfZoiYPgoT+ 5P46tLVDSbFaM7SEAR4TPVRSkZa7JYPJh84cO8g3NII5Jyu/1YsXlIkXfHFQ6CZG AdW4pPcMbcOuPByUFqJEhVIQyggvsnlwsXCYNu3IFGWtvQ6yVNn6XDZSJ1i2QJh4 im1JJ1eOB/ZKRB59AW5k3qeNe5WpnESvJMT7zTOuBiVGhKmyziQAVWgudCdzGax0 E3qekAfJYVLEmEj7kAfDnInWdTsdFzfAqXT1PBE90vNXDwwhAFOpJiMKIXil4PKH kNP1cMe41U4Wzoe6NRiQt/SKAM7lFxSmFHbbQMri9Jupi/CgT1uw2rqOWSHfMnFM 9QGWpqj2PXrNAfISg97QtoopY4grfmm5/b9DGDTHSaSiPA5eJHFPEH8pKZR9vjYl JZVFXpbQggX/0f96QS+QfmeeHUdQIBv1veAlwpqrCHR9ct3RdI39kKWguYwJ+dVQ 0+verQjS6U2YMQsYyoVa2LLva0iwgJyLfROhN8d5hHfA6J8ifSYvqPfXhLtskwMl q7rq0CjWb00cWVPj8j4/ =/Q8U -----END PGP SIGNATURE-----
Current thread:
- CVE request: psi+ stores the cache file as world-readable Agostino Sarubbo (Feb 26)
- Re: CVE request: psi+ stores the cache file as world-readable Seth Arnold (Feb 26)
- Re: CVE request: psi+ stores the cache file as world-readable Agostino Sarubbo (Feb 26)
- Re: CVE request: psi+ stores the cache file as world-readable Kurt Seifried (Feb 26)
- Re: CVE request: psi+ stores the cache file as world-readable gremlin (Feb 26)
- Re: CVE request: psi+ stores the cache file as world-readable Russ Allbery (Feb 26)
- Re: CVE request: psi+ stores the cache file as world-readable gremlin (Feb 26)
- Re: CVE request: psi+ stores the cache file as world-readable Agostino Sarubbo (Feb 27)
- Re: CVE request: psi+ stores the cache file as world-readable Russ Allbery (Feb 26)
- Re: CVE request: psi+ stores the cache file as world-readable Seth Arnold (Feb 26)