Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 16 Dec 2013 22:34:59 +0100
From: Salvatore Bonaccorso <carnil@...ian.org>
To: oss-security@...ts.openwall.com
Cc: 732283@...s.debian.org, cm@...etec.at
Subject: CVE Request: Proc::Daemon writes pidfile with mode 666

Hi Kurt,

christian mock <cm@...etec.at> has reported[1] that Proc::Daemon, when
instructed to write a pid file, does that with a umask set to 0, so
the pid file ends up with world-writable permissions.

Upstream bugreport is at [2].

 [1] http://bugs.debian.org/732283
 [2] https://rt.cpan.org/Ticket/Display.html?id=91450
 
Axel Beckert has commited a patch to the Debian packaging[3] and
forwarded it to upstream.

 [3] http://anonscm.debian.org/gitweb/?p=pkg-perl/packages/libproc-daemon-perl.git;a=blob;f=debian/patches/pid.patch

Could a CVE be assigend for this issue?

Regards and thanks in advance,
Salvatore

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ