The first temporary file is created securely, but the second open(2)
call lacks the O_EXCL flag. The vulnerable code appears to be:
    # flag file is used to signal the child is ready
    $stash->{flag_files}{$which} = scalar tmpnam();
The File::Temp::tmpnam documentation reads: “When called in scalar
context, returns the full name (including path) of a temporary file
(uses mktemp()). The only check is that the file does not already
exist, but there is no guarantee that that condition will continue
to apply.”
Hi
On the Debian BTS Jakub Wilk reported an issue of Capture::Tiny insecurely using /tmp. The original report is at [1].
On Thu, Feb 06, 2014 at 12:52:21PM +0100, Jakub Wilk wrote:
[1] http://bugs.debian.org/737835
Regards,
Salvatore
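
The difference the report turns on, shown as an added example (not code from Capture::Tiny or from the report): a name is chosen first and opened later, once with a plain `open` and once with `sysopen` and `O_EXCL`. The helper names, the file names and the sandbox directory are assumptions made for the illustration, and it assumes a POSIX system with symlink support.

```perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use Errno qw(EEXIST);
use File::Temp qw(tempdir);

# Constructed sandbox standing in for a shared /tmp; removed at exit.
my $dir = tempdir(CLEANUP => 1);

# Hypothetical helper mirroring the reported pattern: the name was picked
# earlier, and the later open reuses (and truncates) whatever is there now.
sub open_flag_plain {
    my ($path) = @_;
    open(my $fh, '>', $path) or return (undef, $!);
    return ($fh, undef);
}

# Hypothetical hardened helper: O_CREAT|O_EXCL makes open(2) fail with
# EEXIST if anything already exists at $path, and a symlink in the final
# path component is not followed. File::Temp's tempfile() opens its files
# this way and returns the handle together with the name.
sub open_flag_exclusive {
    my ($path) = @_;
    sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, 0600)
        or return (undef, $!);
    return ($fh, undef);
}

# Constructed scenario: between choosing the name and opening it, the name
# has come to point at an unrelated file.
my $flag   = "$dir/flagfile";
my $victim = "$dir/unrelated-data";
open(my $v, '>', $victim) or die "setup: $!";
print {$v} "important\n";
close($v) or die "setup: $!";
symlink($victim, $flag) or die "symlink: $!";

my ($fh, $err) = open_flag_exclusive($flag);
print "O_EXCL open: ", ($fh ? "opened" : "refused ($err)"), "\n";
print "  errno is EEXIST\n" if !$fh && $err == EEXIST;
print "  unrelated file is still ", (stat $victim)[7], " bytes\n";

($fh, $err) = open_flag_plain($flag);
close($fh) if $fh;
print "plain open:  ", ($fh ? "succeeded" : "failed ($err)"), "\n";
print "  unrelated file is now ", (stat $victim)[7], " bytes\n";
```

The exclusive open leaves the unrelated file untouched, while the plain open writes through the existing name and truncates it.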