oss-sec mailing list archives
CVE Request: Proc::Daemon writes pidfile with mode 666
From: Salvatore Bonaccorso <carnil () debian org>
Date: Mon, 16 Dec 2013 22:34:59 +0100
Hi Kurt,

christian mock <cm () coretec at> has reported[1] that Proc::Daemon, when instructed to write a pid file, does that with a umask set to 0, so the pid file ends up with world-writable permissions. Upstream bug report is at [2].

[1] http://bugs.debian.org/732283
[2] https://rt.cpan.org/Ticket/Display.html?id=91450

Axel Beckert has committed a patch to the Debian packaging[3] and forwarded it to upstream.

[3] http://anonscm.debian.org/gitweb/?p=pkg-perl/packages/libproc-daemon-perl.git;a=blob;f=debian/patches/pid.patch

Could a CVE be assigned for this issue?

Regards and thanks in advance,
Salvatore
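
The behaviour reported above, as an added Perl example that is neither Proc::Daemon's code nor the Debian patch: a pid file created while the umask is 0 ends up with mode 0666, and a hardened writer requests the mode explicitly and repairs a file left over from an earlier run. The function names, the scratch directory and the target mode 0644 are assumptions made for this illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_TRUNC);
use File::Temp qw(tempdir);

# Pattern from the report: umask is 0 when the pid file is created, so
# open()'s default creation mode of 0666 is applied unmasked.
sub write_pidfile_weak {
    my ($path) = @_;
    my $old = umask(0);
    open(my $fh, '>', $path) or die "open $path: $!";
    print {$fh} "$$\n";
    close($fh) or die "close $path: $!";
    umask($old);    # restored only so the rest of this demo is unaffected
    return;
}

# Hardened form (assumption: 0644 is the wanted mode). The mode is requested
# explicitly, and fchmod repairs a file left behind with 0666 by an older run,
# because the mode argument of sysopen only applies when the file is created.
sub write_pidfile_hardened {
    my ($path) = @_;
    sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_TRUNC, 0644)
        or die "sysopen $path: $!";
    chmod(0644, $fh) or die "chmod $path: $!";
    print {$fh} "$$\n";
    close($fh) or die "close $path: $!";
    return;
}

# Permission bits of a file, without the file-type bits.
sub mode_of {
    my ($path) = @_;
    my @st = stat($path) or die "stat $path: $!";
    return $st[2] & 07777;
}

my $pidfile = tempdir(CLEANUP => 1) . "/demo.pid";    # constructed scratch path

write_pidfile_weak($pidfile);
printf "after weak write:     %04o\n", mode_of($pidfile);

# Rewrite the same, already world-writable file with the hardened writer.
write_pidfile_hardened($pidfile);
printf "after hardened write: %04o\n", mode_of($pidfile);
```

The second call matters on upgrade: a fixed writer that only passes a mode at creation time leaves an existing world-writable pid file as it was.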