Date: Mon, 16 Dec 2013 22:34:59 +0100
From: Salvatore Bonaccorso <carnil@...ian.org>
To: oss-security@...ts.openwall.com
Cc: 732283@...s.debian.org, cm@...etec.at
Subject: CVE Request: Proc::Daemon writes pidfile with mode 666

Hi Kurt,

christian mock <cm@...etec.at> has reported that Proc::Daemon, when
instructed to write a pid file, does that with a umask set to 0, so
the pid file ends up with world-writable permissions.

Upstream bug report is at .

 http://bugs.debian.org/732283
 https://rt.cpan.org/Ticket/Display.html?id=91450

Axel Beckert has committed a patch to the Debian packaging and
forwarded it to upstream.

 http://anonscm.debian.org/gitweb/?p=pkg-perl/packages/libproc-daemon-perl.git;a=blob;f=debian/patches/pid.patch

Could a CVE be assigned for this issue?

Regards and thanks in advance,
Salvatore
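The behaviour reported above, as an added Perl illustration that is not part of the original message and is neither Proc::Daemon's code nor the Debian patch: a pid file created with plain open() under a umask of 0 gets mode 0666, while an explicit mode under a restrictive umask does not. The function names, the scratch directory and the 0644 target mode are assumptions made for the example.

```perl
#!/usr/bin/perl
# Added illustration (not Proc::Daemon's code): how a umask of 0 makes a
# freshly created pid file world-writable, and one way to avoid it.
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempdir);

# Constructed scratch directory so the demo never touches /var/run.
my $dir = tempdir(CLEANUP => 1);

# Return the permission bits of a file as an octal string.
sub mode_of {
    my ($path) = @_;
    my @st = stat($path) or die "stat $path: $!";
    return sprintf '%04o', $st[2] & 07777;
}

# Weak pattern: daemonising code clears the umask, then creates the pid
# file with a plain open(), which requests mode 0666 from the kernel.
sub write_pid_weak {
    my ($path) = @_;
    my $old = umask 0;
    open(my $fh, '>', $path) or die "open $path: $!";
    print {$fh} "$$\n";
    close($fh) or die "close $path: $!";
    umask $old;
    return mode_of($path);
}

# Hardened pattern: request 0644 (assumed target mode) explicitly, under a
# umask scoped to the call, and refuse to reuse an existing file (O_EXCL).
sub write_pid_hardened {
    my ($path) = @_;
    my $old = umask 022;
    my $ok  = sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, 0644);
    my $err = $!;
    umask $old;
    die "sysopen $path: $err" unless $ok;
    print {$fh} "$$\n";
    close($fh) or die "close $path: $!";
    return mode_of($path);
}

printf "weak:     %s\n", write_pid_weak("$dir/weak.pid");
printf "hardened: %s\n", write_pid_hardened("$dir/hardened.pid");
```

The same mode check, run against a daemon's real pid file, shows whether an installed version is affected: any result with the other-write bit set (for example 0666) means local users can rewrite the pid that init scripts later act on.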