[Bug 1135624] New: perl-Clipboard: insecure temporary file usage
bugzilla at redhat.com
Fri Aug 29 19:53:05 UTC 2014
https://bugzilla.redhat.com/show_bug.cgi?id=1135624
Bug ID: 1135624
Summary: perl-Clipboard: insecure temporary file usage
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team at redhat.com
Reporter: vdanen at redhat.com
CC: iarnell at gmail.com, mkreder at gmail.com,
perl-devel at lists.fedoraproject.org
It was reported [1],[2] that the clipedit program as shipped with
perl-Clipboard uses temporary files insecurely (based on the PID of the running
program). Using symlink attacks, an attacker could cause the deletion of
arbitrary files that the user running clipedit has write access to.
[...]
my $tmpfilename = "/tmp/clipedit$$";
open my $tmpfile, ">$tmpfilename" or die "Failure to open $tmpfilename: $!";
print $tmpfile $orig;
close $tmpfile;
[...]
system($ed, $tmpfilename);

open $tmpfile, $tmpfilename or die "Failure to open $tmpfilename: $!";
my $edited = join '', <$tmpfile>;
[...]
unlink($tmpfilename) or die "Couldn't remove $tmpfilename: $!";
[1] http://seclists.org/oss-sec/2014/q3/467
[2] https://rt.cpan.org/Public/Bug/Display.html?id=98435
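A hardened form of the write, edit, read-back sequence quoted in the report, as an added example that is not code from the bug report or from the Clipboard distribution. The helper name edit_text and the non-interactive "editor" used in the demo are assumptions made for illustration; File::Temp is the core Perl module.

```perl
#!/usr/bin/perl
# Added example: hardened form of the clipedit temp-file round trip.
use strict;
use warnings;
use File::Temp ();

# edit_text($text, @editor_cmd): hypothetical helper, not part of Clipboard.
# Writes $text to a private temp file, runs the editor on it, returns the result.
sub edit_text {
    my ($orig, @editor) = @_;

    # Private 0700 directory with a random name: other local users cannot
    # plant a symlink inside it, even if the editor recreates the file.
    my $dir = File::Temp->newdir('clipedit-XXXXXXXX', TMPDIR => 1);

    # Random name, created with O_EXCL and mode 0600: an existing file or
    # symlink at that path makes creation fail instead of being followed.
    my $tmp = File::Temp->new(
        TEMPLATE => 'buffer-XXXXXXXX',
        DIR      => $dir->dirname,
        UNLINK   => 0,    # the directory cleanup removes it
    );
    my $path = $tmp->filename;
    print {$tmp} $orig or die "Failure to write $path: $!";
    close $tmp or die "Failure to close $path: $!";

    # List-form system(): the path is never parsed by a shell.
    system(@editor, $path) == 0 or die "Editor failed on $path: $?";

    # Three-argument open: the name is never interpreted as a mode or pipe.
    open my $in, '<', $path or die "Failure to open $path: $!";
    my $edited = do { local $/; <$in> } // '';
    close $in;
    return $edited;    # $dir goes out of scope here and is removed
}

# Constructed demo: a non-interactive "editor" (perl -pi) that replaces the file.
my @editor = ($^X, '-pi', '-e', 's/draft/final/');
print edit_text("draft text from the clipboard\n", @editor);
```

Because the file lives in a directory only the invoking user can enter, the later open-by-name and the cleanup act on a path no other local user can redirect, which the predictable /tmp/clipedit$$ name does not guarantee.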