oss-sec mailing list archives

Re: Re: possible CVE requests: perltidy insecure temporary file usage


From: Murray McAllister <mmcallis () redhat com>
Date: Tue, 11 Mar 2014 11:36:46 +1100

> This question might be relatively unimportant because O_EXCL|O_CREAT
> was only used in the IO::File->new call for choosing a filename.
> O_EXCL|O_CREAT wasn't used in the IO::File->new call that came immediately
> after the make_temporary_filename call. This, for example, doesn't
> cover the case of a mode 0777 current working directory.

Thanks for explaining this, I had misunderstood that part.

--
Murray McAllister / Red Hat Security Response Team
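
The gap described in the quoted text, as an added Perl sketch that is not part of the original message and is not perltidy's code: the first sub uses O_EXCL|O_CREAT only to pick a name and then reopens it, the second keeps the handle from the exclusive create. The sub names, file names and the temporary directory are assumptions made for the illustration.

```perl
use strict;
use warnings;
use Fcntl qw(O_RDWR O_CREAT O_EXCL);
use IO::File;
use File::Temp qw(tempdir);

# Pattern from the message: O_EXCL|O_CREAT only picks a free name, then the
# name is opened a second time without those flags. (Hypothetical sub name.)
sub pick_name_then_reopen {
    my ($dir) = @_;
    for my $n ( 1 .. 100 ) {
        my $name  = "$dir/example.$$.$n.TMP";
        my $probe = IO::File->new( $name, O_RDWR | O_CREAT | O_EXCL, 0600 )
          or next;
        $probe->close;
        # Window: in a directory other users can write to, whatever sits at
        # $name may have been swapped by now, and a "w" open accepts it.
        return IO::File->new( $name, 'w' );
    }
    return;
}

# Corrected form: the exclusive create is the only open, and its handle is
# what the caller writes to. (Hypothetical sub name.)
sub create_and_keep_handle {
    my ($dir) = @_;
    for my $n ( 1 .. 100 ) {
        my $name = "$dir/example.$$.$n.TMP";
        my $fh   = IO::File->new( $name, O_RDWR | O_CREAT | O_EXCL, 0600 )
          or next;
        return ( $fh, $name );
    }
    return;
}

# Constructed demo in a private temp directory: the two open modes treat a
# path that already exists differently.
my $dir      = tempdir( CLEANUP => 1 );
my $existing = "$dir/already-there";    # constructed sample file
my $seed     = IO::File->new( $existing, 'w' ) or die "seed: $!";
print $seed "data\n";
$seed->close;

my $excl = IO::File->new( $existing, O_RDWR | O_CREAT | O_EXCL, 0600 );
print "exclusive open: ", ( $excl ? "opened" : "refused ($!)" ), "\n";
my $plain = IO::File->new( $existing, 'w' ) or die "plain: $!";
$plain->close;
print "plain 'w' open: opened, size now ", ( stat $existing )[7], "\n";
my ( $fh, $name ) = create_and_keep_handle($dir) or die "no temp file";
print "kept handle for $name\n";
```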

