|
Full Disclosure
mailing list archives
Re: FileCache: tmp file permission vulnerability.
From: paul.szabo () sydney edu au
Date: Sat, 3 Apr 2010 17:35:24 +1100
Vladimir Lettiev <thecrux () gmail com> wrote:
Perl Cache-Cache-1.06 ... stores its default file cache
in /tmp with world read/write permissions. ...
This is documented behaviour. You can override insecure default cache
root and umask with options 'cache_root' and 'directory_umask':
use Cache::FileCache;
use File::Temp qw/ tempdir /;
my $cache = new Cache::FileCache( {
'cache_root' => tempdir('CacheXXXXX'),
'directory_umask' => 077,
} );
The default should be secure. Interested people, with intimate knowledge
of inner workings, might go to contortions and change to insecure.
Cheers, Paul
Paul Szabo psz () maths usyd edu au http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
| 
