Bug#732283: CVE Request: Proc::Daemon writes pidfile with mode 666
Salvatore Bonaccorso
carnil at debian.org
Mon Dec 16 21:34:59 UTC 2013
Hi Kurt,
christian mock <cm at coretec.at> has reported[1] that Proc::Daemon, when
instructed to write a pid file, does that with a umask set to 0, so
the pid file ends up with world-writable permissions.
Upstream bug report is at [2].
[1] http://bugs.debian.org/732283
[2] https://rt.cpan.org/Ticket/Display.html?id=91450
Axel Beckert has committed a patch to the Debian packaging[3] and
forwarded it to upstream.
[3] http://anonscm.debian.org/gitweb/?p=pkg-perl/packages/libproc-daemon-perl.git;a=blob;f=debian/patches/pid.patch
Could a CVE be assigned for this issue?
Regards and thanks in advance,
Salvatore
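
The umask behaviour reported above, as an added Perl example that is not part of the original message and is neither Proc::Daemon's code nor the Debian patch: it creates a pid file with the umask cleared, then rewrites it with an explicit mode. The function names, the scratch path and the 0644 target mode are assumptions made for illustration, and a POSIX system is assumed.

```perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_TRUNC);
use File::Temp qw(tempdir);

# Permission bits of a file as an octal string such as "0644".
sub mode_of {
    my ($path) = @_;
    my @st = stat($path) or die "stat $path: $!";
    return sprintf '%04o', $st[2] & 07777;
}

# Reported pattern: umask is 0 when the pid file is created, and a plain
# open() asks for 0666, so nothing masks off the world-writable bit.
sub write_pid_weak {
    my ($path) = @_;
    my $old = umask 0;                      # daemonizing code cleared the umask
    open(my $fh, '>', $path) or die "open $path: $!";
    print {$fh} "$$\n";
    close($fh) or die "close $path: $!";
    umask $old;
    return mode_of($path);
}

# Hardened form (an assumption, not the Debian patch): request 0644 explicitly
# and chmod the handle, which also narrows a file that already existed.
sub write_pid_strict {
    my ($path) = @_;
    my $old = umask 0;                      # same starting condition as above
    sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_TRUNC, 0644)
        or die "sysopen $path: $!";
    chmod(0644, $fh) or die "chmod $path: $!";
    print {$fh} "$$\n";
    close($fh) or die "close $path: $!";
    umask $old;
    return mode_of($path);
}

my $dir     = tempdir(CLEANUP => 1);        # constructed scratch directory
my $pidfile = "$dir/example.pid";           # constructed path

my $weak = write_pid_weak($pidfile);
printf "umask 0 + open():     %s%s\n", $weak,
    (oct($weak) & 0002) ? " (world-writable)" : "";
# Reuse the same path: the file already exists with the wide mode.
printf "sysopen 0644 + chmod: %s\n", write_pid_strict($pidfile);
```

The explicit chmod matters because the mode argument to sysopen only applies when the file is created; an existing pid file left over from an affected version keeps its old permissions otherwise.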