[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

PSPP-BUG: [bug #15723] HTML driver creates .png files insecurely

From: Ben Pfaff
Subject: PSPP-BUG: [bug #15723] HTML driver creates .png files insecurely
Date: Sun, 12 Feb 2006 09:38:22 -0800
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050513 Debian/1.7.8-1


                 Summary: HTML driver creates .png files insecurely
                 Project: PSPP
            Submitted by: blp
            Submitted on: Sun 02/12/06 at 09:38
                Category: Output Driver
                Severity: 7 - Major
                  Status: None
             Assigned to: None
             Open/Closed: Open
                 Release: None
                  Effort: 0.00



The HTML driver creates .png files in /tmp in predictable names without using
O_EXCL, so it is a security hole.  It should instead use O_EXCL or create them
in the same directory as the .html file.


Reply to this item at:


  Message sent via/by Savannah

reply via email to

[Prev in Thread] Current Thread [Next in Thread]