Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE request: psi+ stores the cache file as world-readable
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 26 Feb 2013 23:28:16 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/26/2013 03:27 PM, Seth Arnold wrote:
On Tue, Feb 26, 2013 at 11:04:24PM +0100, Agostino Sarubbo wrote:
Psi+, a fork of psi, stores its files in ~/.cache/psi+ as
world-readable.

~/.cache $ ls -la psi+/ total 52 drwxr-xr-x 5 ago ago  4096 feb
25 09:41 . drwx------ 5 ago ago  4096 feb 24 23:58 ..

It appears my ~/.cache and your ~/.cache are mode 0700.
Directories underneath are already unaccessible by other users,
except if one of your programs passes a filedescriptor to a
directory to another user's process (say, cwd is in ~/.cache/psi+
and then executes a setuid program, or uses unix(7) SCM_RIGHTS to
pass a directory file descriptor to another program).

Are there environments where ~/.cache isn't 0700 by default?

Thanks

In general if a program respects umask and creates files in ~/ then
it's really unlikely that I'm going to assign a CVE for it unless it's
something really significant like say an SSH client creating keys or
similar.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRLaeAAAoJEBYNRVNeJnmTP5cQANiJhZ4ShyxtFp0r5xTo79AH
g6XtO9Ruof0Qf3cNXbpK5zMV8Y2wAWknYIxH8clljpl8C+jUx6+27r99FTJRPShN
YDzcLDH3H7n65wcNGGaqqU3qqmXTI30lbixcNHFBoeI0NsxMQDgL6tfZoiYPgoT+
5P46tLVDSbFaM7SEAR4TPVRSkZa7JYPJh84cO8g3NII5Jyu/1YsXlIkXfHFQ6CZG
AdW4pPcMbcOuPByUFqJEhVIQyggvsnlwsXCYNu3IFGWtvQ6yVNn6XDZSJ1i2QJh4
im1JJ1eOB/ZKRB59AW5k3qeNe5WpnESvJMT7zTOuBiVGhKmyziQAVWgudCdzGax0
E3qekAfJYVLEmEj7kAfDnInWdTsdFzfAqXT1PBE90vNXDwwhAFOpJiMKIXil4PKH
kNP1cMe41U4Wzoe6NRiQt/SKAM7lFxSmFHbbQMri9Jupi/CgT1uw2rqOWSHfMnFM
9QGWpqj2PXrNAfISg97QtoopY4grfmm5/b9DGDTHSaSiPA5eJHFPEH8pKZR9vjYl
JZVFXpbQggX/0f96QS+QfmeeHUdQIBv1veAlwpqrCHR9ct3RdI39kKWguYwJ+dVQ
0+verQjS6U2YMQsYyoVa2LLva0iwgJyLfROhN8d5hHfA6J8ifSYvqPfXhLtskwMl
q7rq0CjWb00cWVPj8j4/
=/Q8U
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]