Skip Menu |
 

This queue is for tickets about the DBD-mysql CPAN distribution.

Report information
The Basics
Id: 30646
Status: resolved
Priority: 0/
Queue: DBD-mysql

People
Owner: Nobody in particular
Requestors: ANDK [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: Normal
Broken in: 4.005
Fixed in: (no value)



Subject: Cleaning up /tmp directory; predictable tmp filename
Download (untitled) / with headers
text/plain 225b
Several tests write into a file /tmp/trace.log. This is an easily exploitable security hole when people are running the tests as root. Possible solutions: - Write to ./trace.log - use File::Temp (with CLEANUP=>1) Thanks,
From: CAPTTOFU [...] cpan.org
Download (untitled) / with headers
text/plain 405b
On Sun Nov 11 03:28:00 2007, ANDK wrote: Show quoted text
> Several tests write into a file /tmp/trace.log. This is an easily > exploitable security hole when people are running the tests as root. > > Possible solutions: > > - Write to ./trace.log > > - use File::Temp (with CLEANUP=>1) > > Thanks,
Thank you! Yes, working on getting out a release as we speak (and putting out fires!). This will be fixed in 4.006.
Download (untitled) / with headers
text/plain 540b
This will be fixed this week. I'm releasing 4.006. On Sun Nov 11 21:18:28 2007, CAPTTOFU wrote: Show quoted text
> On Sun Nov 11 03:28:00 2007, ANDK wrote:
> > Several tests write into a file /tmp/trace.log. This is an easily > > exploitable security hole when people are running the tests as root. > > > > Possible solutions: > > > > - Write to ./trace.log > > > > - use File::Temp (with CLEANUP=>1) > > > > Thanks,
> > > Thank you! > > Yes, working on getting out a release as we speak (and putting out
fires!). Show quoted text
> > This will be fixed in 4.006.
It is not fixed in 4.006, I still find 2008-01-29T05:51:57 283606 /tmp/trace.txt Thanks,
Download (untitled) / with headers
text/plain 102b
I removed all trace log output - this shouldn't be in any test suite - sloppy housekeeping on my part.


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.