oss-sec mailing list archives
Re: Re: possible CVE requests: perltidy insecure temporary file usage
From: Murray McAllister <mmcallis () redhat com>
Date: Tue, 11 Mar 2014 11:36:46 +1100
This question might be relatively unimportant because O_EXCL|O_CREAT was only used in the IO::File->new call for choosing a filename. O_EXCL|O_CREAT wasn't used in IO::File->new call that came immediately after the make_temporary_filename call. This, for example, doesn't cover the case of a mode 0777 current working directory.
Thanks for explaining this, I had misunderstood that part. -- Murray McAllister / Red Hat Security Response Team
Current thread:
- possible CVE requests: perltidy insecure temporary file usage Murray McAllister (Mar 03)
- Re: Bug#740670: possible CVE requests: perltidy insecure temporary file usage Don Armstrong (Mar 07)
- Re: possible CVE requests: perltidy insecure temporary file usage cve-assign (Mar 08)
- Re: Re: possible CVE requests: perltidy insecure temporary file usage Murray McAllister (Mar 10)