Sawada Masahiko
sawad****@gmail*****
Thu Jul 16 20:49:59 JST 2015
Hi all,

According to Coverity Scan, ludia_funcs probably has a security problem around creating temporary files. It is possible for an attacker to rewrite the temporary file before the result is returned to the client, so that a wrong result is returned. mkstemp(), which ludia_funcs currently uses, already creates the temporary file with 0600 permissions, but such behavior might be changed some day. The attached patch adds setting of umask before creating the temporary file.

Regards,

--
Masahiko Sawada

-------------- next part --------------
A non-text attachment was scrubbed...
Name: add_setting_umask.patch
Type: text/x-patch
Size: 1025 bytes
Desc: not available