[[email protected]: [Full-disclosure] [ZH2005-02SA]
Insecure tmp file creation in Wine]
Peter Bortas
peter at bortas.org
Tue Mar 15 06:46:08 CST 2005
Alexandre Julliard <julliard at winehq.org> writes:
> Marcus Meissner <meissner at suse.de> writes:
>
>> --- server/registry.c 10 Mar 2005 11:18:31 -0000 1.63
>> +++ server/registry.c 14 Mar 2005 16:38:54 -0000
>> @@ -1610,7 +1610,7 @@
>> for (;;)
>> {
>> sprintf( p, "reg%lx%04x.tmp", (long) getpid(), count++ );
>> - if ((fd = open( tmp, O_CREAT | O_EXCL | O_WRONLY, 0666 )) != -1) break;
>> + if ((fd = open( tmp, O_CREAT | O_EXCL | O_WRONLY, 0600 )) != -1) break;
>
> That one is not in /tmp, it's in the user's home directory.
Home directories are group readable on many sites, so to prevent
information leakage 0600 would still be prudent.
--
Peter Bortas http://peter.bortas.org
More information about the wine-devel
mailing list