Comment 8 for bug 7578

Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Wed, 25 Aug 2004 00:32:20 +0900
From: Shugo Maeda <email address hidden>
To: Matt Zimmerman <email address hidden>, <email address hidden>
Subject: Re: Bug#267753: libruby1.8: CGI::Session creates files insecurely yet

Hi,

Matt Zimmerman wrote:
>>The default value for 'tmpdir' parameter is /tmp, so any user can
>>know the name of the file created by CGI::Session::FileStore.
>>The filename contains the session id, so this can lead an attacker
>>who has also shell access to the webserver to take over a session.
>
>
> The file is created world-readable? If so, that is the bug; using /tmp is
> not a bug in itself.

No. The session id is contained in the *filename*, so the
read-permission of the file itself is not necessary to take over a
session.
Any user can get the session id by `ls /tmp'.

The bug is already fixed in the CVS HEAD (the default value of 'tmpdir'
is still /tmp, but the filename doesn't contain the session id itself).

Shugo
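
The filename leak described in the message above, shown as an added example that is not part of the original message and is not CGI::Session's own code. The helper names, the `sess_` prefix and the use of SHA-256 are assumptions; the message does not say how the CVS HEAD fix derives the filename.

```ruby
require 'digest'
require 'securerandom'
require 'tmpdir'

# Hypothetical helper names; this is not the CGI::Session API.

# Old-style naming: the session id is embedded in the filename.
def leaky_path(dir, session_id)
  File.join(dir, "sess_#{session_id}")
end

# Hardened naming: only a one-way digest of the id appears in the filename
# (SHA-256 is an assumption made for this example).
def digest_path(dir, session_id)
  File.join(dir, "sess_#{Digest::SHA256.hexdigest(session_id)}")
end

# Create the store file exclusively and owner-only. CREAT|EXCL fails if the
# name already exists, including when it is a pre-planted symlink.
def create_store(path)
  File.open(path, File::CREAT | File::EXCL | File::WRONLY, 0600) { |f| f.write('') }
  path
end

# What any local user learns from a directory listing, regardless of the
# permissions on the files themselves.
def names_visible(dir)
  Dir.children(dir)
end

def demo
  Dir.mktmpdir('sessdemo') do |dir|
    sid = SecureRandom.hex(16) # constructed sample session id
    create_store(leaky_path(dir, sid))
    leaked = names_visible(dir).any? { |n| n.include?(sid) }
    File.delete(leaky_path(dir, sid))

    create_store(digest_path(dir, sid))
    hidden = names_visible(dir).none? { |n| n.include?(sid) }
    { leaked_by_old_naming: leaked, hidden_by_digest_naming: hidden }
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```
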