[Freedombox-discuss] secure UUIDs

Tim Retout tim at retout.co.uk
Mon Jul 22 08:06:56 UTC 2013

On 21 Jul 2013 00:05, "Jonas Smedegaard" <dr at jones.dk> wrote:
> Quoting Tim Retout (2013-07-21 00:25:16)
> > On 20 Jul 2013 23:01, "Tim Retout" <[1]diocles at debian.org> wrote:
> As mentioned in my previous reply I am working on getting the proper
> CPAN Data::UUID in Debian, so would be great if you could similarly take
> a look at that.

I do not trust CPAN's Data::UUID for other reasons - I filed RT bug #69277
a while ago (symlink attack):


This was while working on Debian bug #632608:


In short, Data::UUID does not work well on multi-user systems. I seem to
recall that every user after the first to use the module will end up
ignoring whatever it was storing in /tmp. I can't see anything in the
changelog that has addressed this.

Kind regards,

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20130722/37a2601c/attachment.html>

More information about the Freedombox-discuss mailing list