mailing list archives
Re: CVE request: psi+ stores the cache file as world-readable
From: Seth Arnold <seth.arnold () canonical com>
Date: Tue, 26 Feb 2013 14:27:23 -0800
On Tue, Feb 26, 2013 at 11:04:24PM +0100, Agostino Sarubbo wrote:
Psi+, a fork of psi, stores its files in ~/.cache/psi+ as world-readable.
~/.cache $ ls -la psi+/
drwxr-xr-x 5 ago ago 4096 feb 25 09:41 .
drwx------ 5 ago ago 4096 feb 24 23:58 ..
It appears my ~/.cache and your ~/.cache are mode 0700. Directories
underneath are already unaccessible by other users, except if one of your
programs passes a filedescriptor to a directory to another user's process
(say, cwd is in ~/.cache/psi+ and then executes a setuid program, or
uses unix(7) SCM_RIGHTS to pass a directory file descriptor to another
Are there environments where ~/.cache isn't 0700 by default?
Description: Digital signature