Date: Mon, 16 Dec 2013 22:34:59 +0100 From: Salvatore Bonaccorso <carnil@...ian.org> To: oss-security@...ts.openwall.com Cc: 732283@...s.debian.org, cm@...etec.at Subject: CVE Request: Proc::Daemon writes pidfile with mode 666 Hi Kurt, christian mock <cm@...etec.at> has reported that Proc::Daemon, when instructed to write a pid file, does that with a umask set to 0, so the pid file ends up with world-writable permissions. Upstream bugreport is at .  http://bugs.debian.org/732283  https://rt.cpan.org/Ticket/Display.html?id=91450 Axel Beckert has commited a patch to the Debian packaging and forwarded it to upstream.  http://anonscm.debian.org/gitweb/?p=pkg-perl/packages/libproc-daemon-perl.git;a=blob;f=debian/patches/pid.patch Could a CVE be assigend for this issue? Regards and thanks in advance, Salvatore Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.