Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

OpenID Authentication leaves world-writable directories under /tmp #6

Open
shlomif opened this Issue · 1 comment

2 participants

@shlomif
Collaborator

Yesterday I Tried CPANHQ's OpenID Authentication and today I got this in the mail from the Mandriva security :


Security Warning: World Writable files found :

  • /home/shlomi/tmp/cpanhq/session/data/3

  • /home/shlomi/tmp/cpanhq/session/data/3/d

  • /home/shlomi/tmp/cpanhq/session/data/3/d/4

  • /home/shlomi/tmp/cpanhq/session/data/8

  • /home/shlomi/tmp/cpanhq/session/data/8/1

  • /home/shlomi/tmp/cpanhq/session/data/8/1/7


So these directories are world-writable. It should not be this way, and may pose a security risk.

Regards,

-- Shlomi Fish

@lwsitu

That don't look like it has anything to do with OpenID, those are from Catalyst::Plugin::Session::Store::File

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.