Skip to content

OpenID Authentication leaves world-writable directories under /tmp #6

shlomif opened this Issue Jul 17, 2009 · 1 comment

2 participants

shlomif commented Jul 17, 2009

Yesterday I Tried CPANHQ's OpenID Authentication and today I got this in the mail from the Mandriva security :

Security Warning: World Writable files found :

  • /home/shlomi/tmp/cpanhq/session/data/3

  • /home/shlomi/tmp/cpanhq/session/data/3/d

  • /home/shlomi/tmp/cpanhq/session/data/3/d/4

  • /home/shlomi/tmp/cpanhq/session/data/8

  • /home/shlomi/tmp/cpanhq/session/data/8/1

  • /home/shlomi/tmp/cpanhq/session/data/8/1/7

So these directories are world-writable. It should not be this way, and may pose a security risk.


-- Shlomi Fish

lwsitu commented Jul 22, 2009

That don't look like it has anything to do with OpenID, those are from Catalyst::Plugin::Session::Store::File

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.