Bug 39624

Summary: perldoc etc. use insecure tempfiles.
Product: [Retired] Red Hat Linux Reporter: Jarno Huuskonen <jarno.huuskonen>
Component: perlAssignee: Chip Turner <cturner>
Status: CLOSED CURRENTRELEASE QA Contact: David Lawrence <dkl>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.2CC: kmaraas
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2003-04-11 21:04:36 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jarno Huuskonen 2001-05-08 11:40:59 UTC 
Description of Problem:

perldoc uses temporary files in /tmp insecurely. The filenames are
/tmp/perldoc1.[pid] and the file is opened with
open(TMP,">>$tmp");

Probably other perl scripts (perlcc/perlbug) use tempfiles in a similar
manner.

The perl version is:
Version     : 5.00503                           Vendor: Red Hat, Inc.
Release     : 12                            Build Date: Thu 10 Aug 2000
10:37:21
Comment 1 Kjartan Maraas 2003-04-02 22:22:06 UTC 
Is this still the case?
Comment 2 Chip Turner 2003-04-11 21:04:36 UTC 
perl in RH9 addresses the perldoc issues.