Comment 7 for bug 7578

Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Tue, 24 Aug 2004 08:05:58 -0700
From: Matt Zimmerman <email address hidden>
To: Shugo Maeda <email address hidden>, <email address hidden>
Subject: Re: Bug#267753: libruby1.8: CGI::Session creates files insecurely yet

On Tue, Aug 24, 2004 at 06:29:49PM +0900, Shugo Maeda wrote:

> Package: libruby1.8
> Version: 1.8.1+1.8.2pre2-2
> Severity: grave
> Tags: security upstream
> Justification: user security hole
>
> Hi,
>
> The default value for 'tmpdir' parameter is /tmp, so any user can
> know the name of the file created by CGI::Session::FileStore.
> The filename contains the session id, so this can lead an attacker
> who also has shell access to the webserver to take over a session.

The file is created world-readable? If so, that is the bug; using /tmp is
not a bug in itself.

--
 - mdz
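
The two exposures discussed in this thread (a session id visible in the file name, and a file readable by other users) can be checked separately. The following is an added example, not part of the original messages and not Ruby's own CGI::Session code. The helper names, the `sessions` subdirectory and the use of a SHA-256 digest as the file name are assumptions of this example.

```ruby
require 'digest'
require 'tmpdir'

# Hypothetical helper: create a session file so that neither the directory
# listing nor the file mode exposes the session id to other local users.
def create_session_file(base_dir, session_id, data)
  dir = File.join(base_dir, 'sessions')
  Dir.mkdir(dir, 0700) unless File.directory?(dir)
  File.chmod(0700, dir) # mkdir's mode is filtered by umask, so enforce it
  # Assumption of this example: name the file after a digest of the id.
  path = File.join(dir, Digest::SHA256.hexdigest(session_id))
  # EXCL fails if the path already exists, including a planted symlink.
  File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0600) do |f|
    f.chmod(0600)
    f.write(data)
  end
  path
end

# Hypothetical audit: list the ways a session file exposes its session.
def audit_session_file(path, session_id)
  problems = []
  st = File.lstat(path)
  problems << :not_regular_file unless st.file?
  problems << :readable_by_others if (st.mode & 0044) != 0
  problems << :name_contains_session_id if File.basename(path).include?(session_id)
  dir_mode = File.stat(File.dirname(path)).mode
  problems << :directory_listable_by_others if (dir_mode & 0044) != 0
  problems
end

if __FILE__ == $PROGRAM_NAME
  sid = 'constructed-session-id-0123' # constructed sample value
  Dir.mktmpdir do |tmp|
    File.chmod(0755, tmp) # stand-in for a shared directory such as /tmp
    weak = File.join(tmp, sid)
    File.write(weak, 'user=alice')
    File.chmod(0644, weak)
    p audit_session_file(weak, sid)
    p audit_session_file(create_session_file(tmp, sid, 'user=alice'), sid)
  end
end
```

The audit reports the file mode and the file name as independent findings, because a listable directory reveals the name even when the file itself is mode 0600.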