[Freedombox-discuss] secure UUIDs
Tim Retout
tim at retout.co.uk
Mon Jul 22 08:06:56 UTC 2013
On 21 Jul 2013 00:05, "Jonas Smedegaard" <dr at jones.dk> wrote:
>
> Quoting Tim Retout (2013-07-21 00:25:16)
> > On 20 Jul 2013 23:01, "Tim Retout" <[1]diocles at debian.org> wrote:
> As mentioned in my previous reply I am working on getting the proper
> CPAN Data::UUID in Debian, so would be great if you could similarly take
> a look at that.
I do not trust CPAN's Data::UUID for other reasons - I filed RT bug #69277
a while ago (symlink attack):
https://rt.cpan.org/Public/Bug/Display.html?id=69277
This was while working on Debian bug #632608:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632608
In short, Data::UUID does not work well on multi-user systems. I seem to
recall that every user after the first to use the module will end up
ignoring whatever it was storing in /tmp. I can't see anything in the
changelog that has addressed this.
Kind regards,
Tim
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20130722/37a2601c/attachment.html>
More information about the Freedombox-discuss
mailing list