[Phpgroupware-tracker] [Bug #3412] insecure creation of temporary file
From: nobody
Subject: [Phpgroupware-tracker] [Bug #3412] insecure creation of temporary file
Date: Thu, 01 May 2003 03:25:21 -0400
=================== BUG #3412: LATEST MODIFICATIONS ==================
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=3412&group_id=509
Changes by: Ralf Becker <address@hidden>
Date: Thu 05/01/2003 at 09:25 (Europe/Berlin)
What | Removed | Added
---------------------------------------------------------------------------
Resolution | None | Fixed
Status | Open | Closed
------------------ Additional Follow-up Comments ----------------------------
I removed the files as they have not been used for a few versions.
=================== BUG #3412: FULL BUG SNAPSHOT ===================
Submitted by: nb                      Project: phpGroupWare
Submitted on: Wed 04/30/2003 at 23:59
Category: developer_tools             Bug Group: devel cvs
Severity: 5 - Major                   Priority: Low
Resolution: Fixed                     Assigned to: ralfbecker
Status: Closed                        Component Version: CVS
Platform Version: None                Reproducibility: Every Time
Summary: insecure creation of temporary file
Original Submission: I had a quick look at the module developer_tools and
noticed the following bug:
file: perl/lang_extract.pl
line 47 says: srand(100000);
This is very bad; it uses the same random seed every time the script is run.
That makes the value of int(rand(100000)) in line 58 trivial to predict (it's
always the same). Anyone who has write access in $tmpdir can put a symbolic
link there and cause overwriting of a file.
Replacing line 47 with srand(); is only a little better, as srand(time) is
still very predictable. Go to CPAN and grab code for creating a temp file
securely, or rewrite things to avoid needing to use a temporary file.
Follow-up Comments
*******************
-------------------------------------------------------
Date: Thu 05/01/2003 at 09:25 By: ralfbecker
I removed the files as they have not been used for a few versions.
CC list is empty
No files currently attached
For detailed info, follow this link:
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=3412&group_id=509
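
The weakness described in the original submission, next to the kind of fix it asks for, as an added Perl example that is not part of the bug report or of phpGroupWare's code. It shows that a constant seed yields a constant file name, and that an exclusive create (directly, or through the File::Temp module) refuses a path that already exists. The lang_ prefix, victim.txt and the scratch directory are constructed for the demo.

```perl
#!/usr/bin/perl
# Added example, not phpGroupWare code. The lang_ prefix and victim.txt are constructed.
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempdir tempfile);

# Stand-in for $tmpdir: a private scratch directory, removed at exit.
my $tmpdir = tempdir(CLEANUP => 1);

# The reported pattern: a constant seed makes the "random" suffix a constant.
sub predictable_name {
    srand(100000);
    return "$tmpdir/lang_" . int(rand(100000));
}
my $name = predictable_name();
print "same name on every call: ", ($name eq predictable_name() ? "yes" : "no"), "\n";

# Constructed precondition from the report: a symbolic link already sits at that name.
my $victim = "$tmpdir/victim.txt";
open(my $v, '>', $victim) or die "create victim: $!";
print {$v} "important data\n";
close($v);
symlink($victim, $name) or die "symlink: $!";

# Hardened open: O_CREAT|O_EXCL fails with EEXIST if anything exists at the path,
# including a symlink, so the script never writes through a planted link.
if (sysopen(my $fh, $name, O_WRONLY | O_CREAT | O_EXCL, 0600)) {
    close($fh);
    print "unexpected: opened a pre-existing path\n";
} else {
    print "O_CREAT|O_EXCL refused the planted path: $!\n";
}

# File::Temp picks a random name, creates it exclusively and retries on collision.
my ($tfh, $tname) = tempfile('lang_XXXXXXXX', DIR => $tmpdir, UNLINK => 1);
print {$tfh} "extracted strings\n";
close($tfh);
printf "File::Temp created %s, mode %04o\n", $tname, (stat($tname))[2] & 07777;

# The file behind the symlink was never written through.
open($v, '<', $victim) or die "read victim: $!";
my $content = <$v>;
close($v);
print "victim file intact: ", ($content eq "important data\n" ? "yes" : "no"), "\n";
```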