Hi Nico

Yes you are correct. I'll make a new version.

Best regards,

// Ola

On Wed, Apr 22, 2009 at 12:35:18AM +0200, Nico Golde wrote:
> reopen 523476
> notfixed 1.7.2-2
> thanks
>
> Hi Ola,
> your fix is already better than the unfixed version before
> but still is buggy:
> open( FILE, ">$chap_file" )
>     or die "$0: can't write '$chap_file': $!\n";
> print FILE $new_chap;
> close FILE;
> system("chmod 600 $chap_file");
>
> The above is not race free, an attacker still has the chance (though unlikely)
> to get the credentials after the file was closed but before the system call.
> Instead set a proper umask before opening the file.
>
> Cheers
> Nico
>
> --
> Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
> For security reasons, all text in this mail is double-rot13 encrypted.

--
 --------------------- Ola Lundqvist ---------------------------
/  o...@debian.org                     Annebergsslingan 37      \
|  o...@inguza.com                      654 65 KARLSTAD          |
|  http://inguza.com/                  +46 (0)70-332 1551       |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---------------------------------------------------------------
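
An added example, not part of the original thread or the package's own code, of the fix Nico recommends: set a restrictive umask before the file is created so there is no interval between close and chmod in which it is readable. It goes one step beyond the mail by creating the file with an explicit 0600 mode and renaming it into place, because a umask only affects newly created files; write_secret_file() and the chap-secrets file name are assumptions made for the demo.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempdir);

# Write secrets so that the file never exists with permissive modes.
# write_secret_file() is a hypothetical helper, not from the package.
sub write_secret_file {
    my ($path, $content) = @_;

    # Restrictive umask first: nothing created from here on can be
    # group or world accessible, even if a mode argument is forgotten.
    my $old_umask = umask(0077);

    # Create a fresh temp file beside the target, 0600 from the first
    # instant. O_EXCL refuses to reuse a path that already exists.
    my $tmp = "$path.$$.tmp";
    my $ok  = sysopen(my $fh, $tmp, O_WRONLY | O_CREAT | O_EXCL, 0600);
    my $err = $!;
    umask($old_umask);    # restore the caller's umask either way
    die "$0: can't create '$tmp': $err\n" unless $ok;

    print {$fh} $content or die "$0: can't write '$tmp': $!\n";
    close($fh)           or die "$0: can't close '$tmp': $!\n";

    # Atomic replace: readers see the old file or the new one, and the
    # new one is already 0600, so no later chmod is needed.
    rename($tmp, $path)
        or die "$0: can't rename '$tmp' to '$path': $!\n";

    # Return the permission bits actually on disk for verification.
    return (stat($path))[2] & 07777;
}

# Constructed demo input: sample credentials in a private temp directory.
my $dir  = tempdir(CLEANUP => 1);
my $file = "$dir/chap-secrets";
my $mode = write_secret_file($file, "user * constructed-password *\n");
printf "%s created with mode %04o\n", $file, $mode;
```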