[badpenguin79@hotmail.com: [Full-disclosure] [ZH2005-02SA] Insecure tmp file creation in Wine]

Alexandre Julliard julliard at winehq.org
Tue Mar 15 06:53:02 CST 2005


Peter Bortas <peter at bortas.org> writes:

> Alexandre Julliard <julliard at winehq.org> writes:
> 
> > That one is not in /tmp, it's in the user's home directory.
> 
> Home directories are group readable on many sites, so to prevent
> information leakage 0600 would still be prudent.

There is no leakage at all, the permissions are identical to the
permissions on the final registry files. If users don't want their
registry to be readable they can set umask or protect their .wine
directory.

-- 
Alexandre Julliard
julliard at winehq.org



More information about the wine-devel mailing list