[badpenguin79@hotmail.com: [Full-disclosure] [ZH2005-02SA] Insecure tmp file creation in Wine]

Peter Bortas peter at bortas.org
Tue Mar 15 06:46:08 CST 2005


Alexandre Julliard <julliard at winehq.org> writes:

> Marcus Meissner <meissner at suse.de> writes:
>
>> --- server/registry.c	10 Mar 2005 11:18:31 -0000	1.63
>> +++ server/registry.c	14 Mar 2005 16:38:54 -0000
>> @@ -1610,7 +1610,7 @@
>>      for (;;)
>>      {
>>          sprintf( p, "reg%lx%04x.tmp", (long) getpid(), count++ );
>> -        if ((fd = open( tmp, O_CREAT | O_EXCL | O_WRONLY, 0666 )) != -1) break;
>> +        if ((fd = open( tmp, O_CREAT | O_EXCL | O_WRONLY, 0600 )) != -1) break;
>
> That one is not in /tmp, it's in the user's home directory.

Home directories are group readable on many sites, so to prevent
information leakage 0600 would still be prudent.

-- 
Peter Bortas                  http://peter.bortas.org




More information about the wine-devel mailing list