Summary: | net-mail/qmail-qfilter information leak (?) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Thilo Bangert (RETIRED) (RETIRED) <bangert> |
Component: | Auditing | Assignee: | Gentoo Security <security> |
Status: | VERIFIED INVALID | ||
Severity: | normal | ||
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Thilo Bangert (RETIRED) (RETIRED)
2006-06-11 04:39:09 UTC
I'm not in the auditing team, so don't take me too serious here. The german man pages are horribly outdated (10 years old!). glibc >= 2.0.7 creates it with the permission 0600, besides that I consider the valid use of mkstemp as pretty secure. (In reply to comment #1) > I'm not in the auditing team, so don't take me too serious here. The german man > pages are horribly outdated (10 years old!). glibc >= 2.0.7 creates it with the > permission 0600, besides that I consider the valid use of mkstemp as pretty > secure. > I confirm that the file is created with 0600 as from glibc-2.0.7. In such case there's no security risk, right ? i think this is safe enough.... and i learned a lesson about german man pages... thanks everybody! verified |