[Debian-med-packaging] Bug#751579: ~/.t_coffee/ is world-writable
Jakub Wilk
jwilk at debian.org
Sat Jun 14 13:45:22 UTC 2014
Package: t-coffee
Version: 10.00.r1613-1
Tags: security
t-coffee creates ~/.t_coffee/ (and the subdirectories) as
world-writable, ignoring umask:
jwilk at lagrange:~$ find .t_coffee/ -ls
find: `.t_coffee/': No such file or directory
jwilk at lagrange:~$ umask
0022
jwilk at lagrange:~$ t_coffee > /dev/null 2>&1
jwilk at lagrange:~$ find .t_coffee/ -ls
55 4 drwxrwxrwx 6 jwilk jwilk 4096 Jun 14 11:34 .t_coffee/
150 4 drwxrwxrwx 2 jwilk jwilk 4096 Jun 14 11:34 .t_coffee/cache
257 4 drwxrwxrwx 2 jwilk jwilk 4096 Jun 14 11:34 .t_coffee/mcoffee
730 4 drwxrwxrwx 2 jwilk jwilk 4096 Jun 14 11:34 .t_coffee/methods
769 4 drwxrwxrwx 3 jwilk jwilk 4096 Jun 14 11:34 .t_coffee/plugins
1044 4 drwxrwxrwx 2 jwilk jwilk 4096 Jun 14 11:34 .t_coffee/plugins/linux
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (990, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.14-1-amd64 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Versions of packages t-coffee depends on:
ii libc6 2.19-1
ii libgcc1 1:4.9.0-5
ii libstdc++6 4.9.0-5
--
Jakub Wilk
More information about the Debian-med-packaging
mailing list