[badpenguin79@hotmail.com: [Full-disclosure] [ZH2005-02SA] Insecure tmp file creation in Wine]

Alexandre Julliard julliard at winehq.org
Mon Mar 14 11:22:29 CST 2005


Marcus Meissner <meissner at suse.de> writes:

> --- server/registry.c	10 Mar 2005 11:18:31 -0000	1.63
> +++ server/registry.c	14 Mar 2005 16:38:54 -0000
> @@ -1610,7 +1610,7 @@
>      for (;;)
>      {
>          sprintf( p, "reg%lx%04x.tmp", (long) getpid(), count++ );
> -        if ((fd = open( tmp, O_CREAT | O_EXCL | O_WRONLY, 0666 )) != -1) break;
> +        if ((fd = open( tmp, O_CREAT | O_EXCL | O_WRONLY, 0600 )) != -1) break;

That one is not in /tmp, it's in the user's home directory.

-- 
Alexandre Julliard
julliard at winehq.org



More information about the wine-devel mailing list