|
From: | Benjamin Wolsey |
Subject: | Re: [Gnash-commit] [SCM] Gnash branch, master, updated. release_0_8_9_final-1227-gfa481c1 |
Date: | Mon, 21 Nov 2011 09:08:19 +0100 (MET) |
> cookiefile.open(ss.str().c_str(), std::ios::out | std::ios::trunc); > + chmod (ss.str().c_str(), 0600); There's still the possibility of an attacker opening the file between creation and the chmod call. Calling umask() before opening the file should avoid that problem. As umask() sets the permissions mask for the current process only, the only problem is calling it from more than one thread. bwy
[Prev in Thread] | Current Thread | [Next in Thread] |