oss-sec mailing list archives
Re: CVE request: psi+ stores the cache file as world-readable
From: Agostino Sarubbo <ago () gentoo org>
Date: Wed, 27 Feb 2013 00:38:22 +0100
On Tuesday 26 February 2013 14:27:23 Seth Arnold wrote:
Are there environments where ~/.cache isn't 0700 by default?
I don't know You are completely right, but in case the .cache dir is not 0700, if these files are not world-readable the problem never exist. -- Agostino Sarubbo Gentoo Linux Developer
Current thread:
- CVE request: psi+ stores the cache file as world-readable Agostino Sarubbo (Feb 26)
- Re: CVE request: psi+ stores the cache file as world-readable Seth Arnold (Feb 26)
- Re: CVE request: psi+ stores the cache file as world-readable Agostino Sarubbo (Feb 26)
- Re: CVE request: psi+ stores the cache file as world-readable Kurt Seifried (Feb 26)
- Re: CVE request: psi+ stores the cache file as world-readable gremlin (Feb 26)
- Re: CVE request: psi+ stores the cache file as world-readable Russ Allbery (Feb 26)
- Re: CVE request: psi+ stores the cache file as world-readable gremlin (Feb 26)
- Re: CVE request: psi+ stores the cache file as world-readable Agostino Sarubbo (Feb 27)
- Re: CVE request: psi+ stores the cache file as world-readable Russ Allbery (Feb 26)
- Re: CVE request: psi+ stores the cache file as world-readable Seth Arnold (Feb 26)