[Phpgroupware-tracker] [Bug #3412] insecure creation of temporary file

From: nobody
Subject: [Phpgroupware-tracker] [Bug #3412] insecure creation of temporary file
Date: Wed, 30 Apr 2003 18:33:51 -0400

=================== BUG #3412: LATEST MODIFICATIONS ==================

Changes by: Dave Hall <address@hidden>
Date: Thu 05/01/2003 at 08:33 (Australia/Melbourne)

            What     | Removed                   | Added
         Assigned to | None                      | ralfbecker

=================== BUG #3412: FULL BUG SNAPSHOT ===================

Submitted by: nb                      Project: phpGroupWare                 
Submitted on: Thu 05/01/2003 at 07:59
Category:  developer_tools            Bug Group:  devel cvs                 
Severity:  5 - Major                  Priority:  Low                        
Resolution:  None                     Assigned to:  ralfbecker              
Status:  Open                         Component Version:  CVS               
Platform Version:  None               Reproducibility:  Every Time          

Summary:  insecure creation of temporary file

Original Submission:  I had a quick look at the module developer_tools and 
noticed the following bug:

file: perl/
line 47 says: srand(100000);
This is very bad; it uses the same random seed every time the script is run.

That makes the value of int(rand(100000)) in line 58 trivial to predict (it's 
always the same).  Anyone who has write access in $tmpdir can put a symbolic 
link there and cause overwriting of a file.

Replacing line 47 with srand(); is only a little better, as srand(time) is 
still very predictable.  Go to CPAN and grab code for creating a temp file 
securely, or rewrite things to avoid needing to use a temporary file.

No Followups Have Been Posted

CC list is empty

No files currently attached
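
The following Perl script is an added example, not part of the original report and not phpGroupWare code. It shows why the constant seed makes the file name repeat, how an exclusive open refuses a path that already exists, and how File::Temp creates the file safely. The scratch directory, the `devtools` prefix and the `victim.txt` file are constructed for the demonstration.

```perl
#!/usr/bin/perl
# Added example (not phpGroupWare code): predictable temp name vs. safe creation.
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempdir tempfile);

# Scratch directory standing in for the report's $tmpdir (constructed).
my $tmpdir = tempdir(CLEANUP => 1);

# Pattern from the report: a constant seed yields the same "random" suffix every time.
sub predictable_name {
    srand(100000);
    return "$tmpdir/devtools." . int(rand(100000));   # "devtools." prefix is hypothetical
}

my $first  = predictable_name();
my $second = predictable_name();
print "name repeats across calls: ", ($first eq $second ? "yes" : "no"), "\n";

# Stand-in for the pre-planted symbolic link the report describes (constructed).
my $victim = "$tmpdir/victim.txt";
open(my $v, '>', $victim) or die "create $victim: $!";
print {$v} "important data\n";
close($v);
symlink($victim, $first) or die "symlink: $!";

# A plain open(my $fh, '>', $first) would follow the link and truncate $victim.
# O_CREAT|O_EXCL fails if anything, including a symlink, already exists at the path.
if (sysopen(my $fh, $first, O_WRONLY | O_CREAT | O_EXCL, 0600)) {
    close($fh);
    print "O_EXCL open unexpectedly succeeded\n";
} else {
    print "O_EXCL open refused pre-existing path: $!\n";
}
print "victim intact: ", (-s $victim ? "yes" : "no"), "\n";

# Preferred: File::Temp chooses an unpredictable name, opens it with O_EXCL and
# mode 0600, and retries on collision.
my ($tfh, $tname) = tempfile('devtoolsXXXXXXXX', DIR => $tmpdir, UNLINK => 1);
print {$tfh} "scratch data\n";
close($tfh);
printf "File::Temp created %s with mode %04o\n", $tname, (stat($tname))[2] & 07777;
```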
