Bug 112468 - Temporary files are world writeable
Summary: Temporary files are world writeable
Status: CLOSED DUPLICATE of bug 39685
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: imap   
(Show other bugs)
Version: 9
Hardware: i386 Linux
Target Milestone: ---
Assignee: John Dennis
QA Contact: David Lawrence
Keywords: Security
Depends On:
TreeView+ depends on / blocked
Reported: 2003-12-20 09:28 UTC by Andrew E. Mileski
Modified: 2007-04-18 17:00 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-02-21 19:00:29 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Andrew E. Mileski 2003-12-20 09:28:51 UTC
# ls -al /tmp
total 20
drwxrwxrwt    3 root     root         4096 Dec 20 04:20 .
drwxr-xr-x   20 root     root         4096 Nov 14 05:09 ..
-rw-rw-rw-    1 andrewm  andrewm         5 Dec 20 04:18 .303.401f
# cat .303.401f
18837# ps 18837
18837 ?        S      0:00 imapd

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Connect to server via IMAP
Additional info:
The umask for root and the user are both set to 077 in their .bashrc

Comment 1 Mike A. Harris 2004-02-27 10:23:27 UTC
Yep, this security flaw is inherent in the design of UW imap,
and is covered in the UW imap FAQ.  The UW people believe that
this isn't an issue at all, and they refuse to address it.

Fixing the problem essentially means forking the UW imap
codebase, and maintaining our own fork which is incompatible
with all other OS vendors.  We have decided to replace UW imap
with alternative software in future OS releases instead, due
to the large number of security problems in the UW imap software,
and frequent security vulnerabilities.

Comment 2 Mike A. Harris 2004-02-27 10:30:00 UTC

*** This bug has been marked as a duplicate of 39685 ***

Comment 3 Red Hat Bugzilla 2006-02-21 19:00:29 UTC
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.

Note You need to log in before you can comment on or make changes to this bug.