Bugtraq mailing list archives

Re: Zip 2,31 bad default file-permissions vulnerability


From: Imran Ghory <imranghory () gmail com>
Date: Fri, 5 Aug 2005 22:40:59 +0100

On 8/5/05, Lupe Christoph <lupe () lupe-christoph de> wrote:

> I still don't understand why this is a problem. If it were a problem, it
> would be one of humongous dimensions because it affects all programs
> that use open(..., 0666) to create non-executable files potentially
> containing sensitive contents.

In cases where a "secure" file has permissions degraded, yes; for
example CAN-2005-1920, where an editor was creating a backup with
less secure permissions than the original.

> For example all editors. And all shells
> because any redirection could create such a file.

Permission handling in shells is generally accepted to be insecure due
to other issues such as lack of atomicity.

Imran
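
The case discussed in this message, a backup ending up with looser permissions than the file it copies, shown next to a version that keeps the original's mode. This is an added example, not code from the thread or from any program named in it; the names backup, mode_of and demo and the temporary paths are hypothetical.

```c
#define _XOPEN_SOURCE 700   /* POSIX.1-2008: fchmod(), mkdtemp() */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* preserve=0: the open(..., 0666) pattern; dst ends up 0666 & ~umask.
 * preserve=1: create dst 0600, then fchmod() it to src's permission bits
 * before any data is written. O_EXCL: never reuse an existing dst. */
int backup(const char *src, const char *dst, int preserve)
{
    struct stat st;
    char buf[4096];
    ssize_t n = -1;
    int in = open(src, O_RDONLY);
    if (in < 0) return -1;
    int out = open(dst, O_WRONLY | O_CREAT | O_EXCL, preserve ? 0600 : 0666);
    if (out < 0) { close(in); return -1; }
    if (fstat(in, &st) == 0 &&
        (!preserve || fchmod(out, st.st_mode & 0777) == 0))
        while ((n = read(in, buf, sizeof buf)) > 0)
            if (write(out, buf, (size_t)n) != n) { n = -1; break; }
    close(in); close(out);
    if (n != 0) unlink(dst);            /* no partial backup left behind */
    return n == 0 ? 0 : -1;
}

int mode_of(const char *path)           /* permission bits, or -1 on error */
{
    struct stat st;
    return stat(path, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Constructed demo: a 0600 file backed up both ways under umask 022. */
int demo(int *naive_mode, int *kept_mode)
{
    char dir[] = "/tmp/bakdemoXXXXXX", src[64], a[64], b[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(src, sizeof src, "%s/secret", dir);
    snprintf(a, sizeof a, "%s/secret.naive", dir);
    snprintf(b, sizeof b, "%s/secret.bak", dir);
    mode_t old = umask(022);
    int fd = open(src, O_WRONLY | O_CREAT | O_EXCL, 0600);
    int ok = fd >= 0 && write(fd, "key\n", 4) == 4 && close(fd) == 0
             && backup(src, a, 0) == 0 && backup(src, b, 1) == 0;
    *naive_mode = mode_of(a); *kept_mode = mode_of(b);
    unlink(a); unlink(b); unlink(src); rmdir(dir); umask(old);
    return ok ? 0 : -1;
}
```

Calling demo() from a small main() and printing both modes in octal shows the difference between the two copies of the same 0600 file.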

