[Bug 1062424] CVE-2014-1875 perl-Capture-Tiny: insecure temporary file usage

bugzilla at redhat.com bugzilla at redhat.com
Mon Feb 10 07:27:09 UTC 2014


https://bugzilla.redhat.com/show_bug.cgi?id=1062424

Petr Pisar <ppisar at redhat.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ppisar at redhat.com



--- Comment #4 from Petr Pisar <ppisar at redhat.com> ---
Reproducer:

$ strace -fq -e open -- perl -MCapture::Tiny -e 'Capture::Tiny::tee_stdout {
print qq{foo\n} }' 2>&1 | grep 'O_CREAT' | grep -v O_EXCL
[pid  8578] open("/tmp/uAM1hQ9lbl", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 3

There shouldn't be any open(, O_CREAT) without O_EXCL.

Fixed with upstream commit
<https://github.com/dagolden/Capture-Tiny/commit/635c9eabd52ab8042b0c841823bd6e692de87924>
and released in 0.24
<http://cpansearch.perl.org/src/DAGOLDEN/Capture-Tiny-0.24/Changes>. This fix
creates new files with the O_EXCL flag.

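Added example, not part of the bug comment or of Capture::Tiny: the reproducer's grep check rewritten as a small strace-log auditor that also covers openat, which current glibc versions issue in place of open. The function name, the shared-directory list and every sample line except the first (quoted from the comment above) are constructed for illustration.

```python
import re

# One strace line for open(2)/openat(2), with or without a "[pid N]" prefix.
OPEN_RE = re.compile(
    r'^(?:\[pid\s+(?P<pid>\d+)\]\s+)?'
    r'(?P<call>openat|open)\('
    r'(?:[^,"]+,\s*)?'                     # dirfd argument, openat only
    r'"(?P<path>(?:[^"\\]|\\.)*)",\s*'
    r'(?P<flags>[A-Za-z0-9_|]+)'
    r'(?:,\s*(?P<mode>0[0-7]*))?\)'
    r'\s*=\s*(?P<ret>-?\d+)'
)

# Assumption: these are the shared, world-writable directories worth auditing.
SHARED_TMP = ("/tmp/", "/var/tmp/")

def insecure_creates(lines, prefixes=SHARED_TMP):
    """Return (pid, call, path, flags) for O_CREAT opens that lack O_EXCL."""
    findings = []
    for line in lines:
        m = OPEN_RE.match(line.strip())
        if not m:
            continue                       # other syscalls, unfinished/resumed lines
        flags = m.group("flags").split("|")
        if "O_CREAT" not in flags or "O_EXCL" in flags:
            continue                       # not a create, or an exclusive create
        if not m.group("path").startswith(tuple(prefixes)):
            continue                       # outside the shared temp directories
        pid = int(m.group("pid")) if m.group("pid") else None
        findings.append((pid, m.group("call"), m.group("path"), flags))
    return findings

# First line is the one from the comment; the rest are constructed samples.
SAMPLE = [
    '[pid  8578] open("/tmp/uAM1hQ9lbl", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 3',
    '[pid  9001] openat(AT_FDCWD, "/tmp/constructed-a", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 4',
    '[pid  9001] openat(AT_FDCWD, "/tmp/constructed-b", O_RDWR|O_CREAT|O_EXCL, 0600) = 5',
    'openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3',
    '[pid  9001] openat(AT_FDCWD, "/home/u/out.log", O_WRONLY|O_CREAT|O_APPEND, 0666) = 6',
]

if __name__ == "__main__":
    for pid, call, path, flags in insecure_creates(SAMPLE):
        print(f"pid={pid} {call} {path} {'|'.join(flags)}")
```

To run it against a real trace, collect the log with `strace -f -e trace=open,openat` so that both syscalls are recorded.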


