Date: Tue, 11 Mar 2014 11:36:46 +1100 From: Murray McAllister <mmcallis@...hat.com> To: cve-assign@...re.org CC: oss-security@...ts.openwall.com Subject: Re: Re: possible CVE requests: perltidy insecure temporary file usage > This question might be relatively unimportant because O_EXCL|O_CREAT > was only used in the IO::File->new call for choosing a filename. > O_EXCL|O_CREAT wasn't used in IO::File->new call that came immediately > after the make_temporary_filename call. This, for example, doesn't > cover the case of a mode 0777 current working directory. Thanks for explaining this, I had misunderstood that part. -- Murray McAllister / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ