[Phpgroupware-tracker] [Bug #3412] insecure creation of temporary file


From: nobody
Subject: [Phpgroupware-tracker] [Bug #3412] insecure creation of temporary file
Date: Wed, 30 Apr 2003 18:33:51 -0400

=================== BUG #3412: LATEST MODIFICATIONS ==================
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=3412&group_id=509

Changes by: Dave Hall <address@hidden>
Date: Thu 05/01/2003 at 08:33 (Australia/Melbourne)

            What     | Removed                   | Added
---------------------------------------------------------------------------
         Assigned to | None                      | ralfbecker




=================== BUG #3412: FULL BUG SNAPSHOT ===================


Submitted by: nb                      Project: phpGroupWare                 
Submitted on: Thu 05/01/2003 at 07:59
Category:  developer_tools            Bug Group:  devel cvs                 
Severity:  5 - Major                  Priority:  Low                        
Resolution:  None                     Assigned to:  ralfbecker              
Status:  Open                         Component Version:  CVS               
Platform Version:  None               Reproducibility:  Every Time          

Summary:  insecure creation of temporary file

Original Submission:  I had a quick look at the module developer_tools and 
noticed the following bug:

file: perl/lang_extract.pl
line 47 says: srand(100000);
this is very bad, it uses the same random seed every time the script is run.

that makes the value of int(rand(100000)) in line 58 trivial to predict (it's 
always the same).   Anyone who has write access in $tmpdir can put a symbolic 
link there and cause overwriting of a file.

replacing line 47 with srand(); is only a little better, as srand(time) is 
still very predictable.  Go to CPAN and grab code for creating a temp file 
securely, or rewrite things to avoid needing to use a temporary file.



No Followups Have Been Posted


CC list is empty


No files currently attached


For detailed info, follow this link:
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=3412&group_id=509
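
Added example (not code from phpGroupWare or from the bug report): a Perl sketch of why the fixed seed makes the temporary file name predictable, and how an exclusive create or File::Temp closes the symlink problem the submission describes. The "lang_extract." name prefix, the scratch directory and the victim file are assumptions constructed for the demonstration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempfile tempdir);

# Private scratch directory standing in for the shared $tmpdir (assumption).
my $tmpdir = tempdir(CLEANUP => 1);

# 1. Pattern from the report: a constant seed gives the same "random"
#    suffix on every run, so the file name is known in advance.
sub predictable_name {
    srand(100000);
    return "$tmpdir/lang_extract." . int(rand(100000));   # prefix is hypothetical
}
my ($first, $second) = (predictable_name(), predictable_name());
print "same name on every run: ", ($first eq $second ? "yes" : "no"), "\n";

# 2. Simulate the name already existing as a symbolic link, as the report warns.
my $victim = "$tmpdir/victim.txt";   # constructed stand-in for a file worth protecting
open(my $v, '>', $victim) or die "create $victim: $!";
print {$v} "original contents\n";
close($v);
symlink($victim, $first) or die "symlink: $!";

# A plain open(">") would follow the link and truncate $victim.
# O_CREAT|O_EXCL fails if the name exists at all, symlinks included.
if (sysopen(my $fh, $first, O_WRONLY | O_CREAT | O_EXCL, 0600)) {
    close($fh);
    print "unexpected: exclusive create succeeded\n";
} else {
    print "exclusive create refused: $!\n";
}

# 3. Preferred fix: File::Temp picks the name and opens it with
#    O_CREAT|O_EXCL and mode 0600 in one step, retrying on collision.
my ($tfh, $tname) = tempfile('lang_extract.XXXXXXXX', DIR => $tmpdir, UNLINK => 1);
print {$tfh} "extracted strings go here\n";
close($tfh) or die "close $tname: $!";
printf "safe temp file: %s (mode %04o)\n", $tname, (stat($tname))[2] & 07777;
```

File::Temp has shipped with core Perl since 5.6.1, so the replacement needs no extra dependency on any reasonably current installation.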



