reopen 523476
notfixed 1.7.2-2
thanks

Hi Ola,
your fix is already better than the unfixed version before,
but it is still buggy:
    open( FILE, ">$chap_file" )
        or die "$0: can't write '$chap_file': $!\n";
    print FILE $new_chap;
    close FILE;
    system("chmod 600 $chap_file");

The above is not race-free; an attacker still has the chance (though unlikely)
to get the credentials after the file was closed but before the system call.
Instead, set a proper umask before opening the file.

Cheers
Nico

-- 
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
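
The umask approach suggested in the mail above, as an added example (not part of the original mail and not the package's code). It goes one step further than the mail: a umask only affects newly created files, so the sketch creates a fresh 0600 file and renames it over any existing one. The helper name write_private, the temporary-file suffix and the demo file name and contents are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempdir);

# Write $data to $path so that the file is never readable by group/other,
# not even in a window between creation and a later chmod.
sub write_private {
    my ($path, $data) = @_;
    my $tmp = "$path.tmp.$$";          # hypothetical temp name, same directory

    my $old_umask = umask(0077);       # new files get at most rw-------
    # O_EXCL refuses to reuse an existing file or follow a planted symlink;
    # the 0600 mode is applied by the kernel at creation time.
    my $ok  = sysopen(my $fh, $tmp, O_WRONLY | O_CREAT | O_EXCL, 0600);
    my $err = $!;
    umask($old_umask);                 # restore the caller's umask
    die "$0: can't create '$tmp': $err\n" unless $ok;

    print {$fh} $data or die "$0: can't write '$tmp': $!\n";
    close($fh)        or die "$0: can't close '$tmp': $!\n";

    # rename() replaces an older, possibly world-readable file in one step.
    rename($tmp, $path) or die "$0: can't rename '$tmp' to '$path': $!\n";
    return (stat($path))[2] & 07777;   # resulting permission bits
}

# Constructed demo: a pre-existing file with lax permissions in a scratch dir.
my $dir       = tempdir(CLEANUP => 1);
my $chap_file = "$dir/secrets.demo";
open(my $old, '>', $chap_file) or die "$0: can't write '$chap_file': $!\n";
close($old);
chmod(0644, $chap_file);

# Constructed sample contents, not real credentials.
my $mode = write_private($chap_file, "constructed-user * constructed-pass *\n");
printf("mode after write: %04o\n", $mode);
```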
