Bug 39624 - perldoc etc. use insecure tempfiles.
perldoc etc. use insecure tempfiles.
Status: CLOSED CURRENTRELEASE
Product: Red Hat Linux
Classification: Retired
Component: perl (Show other bugs)
6.2
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Chip Turner
David Lawrence
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-05-08 07:40 EDT by Jarno Huuskonen
Modified: 2007-04-18 12:33 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2003-04-11 17:04:36 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jarno Huuskonen 2001-05-08 07:40:59 EDT
Description of Problem:

perldoc uses temporary files in /tmp insecurely. The filenames are
/tmp/perldoc1.[pid] and the file is opened with
open(TMP,">>$tmp");

Probably other perl scripts (perlcc/perlbug) use tempfiles in a similar
manner.

The perl version is:
Version     : 5.00503                           Vendor: Red Hat, Inc.
Release     : 12                            Build Date: Thu 10 Aug 2000
10:37:21
Comment 1 Kjartan Maraas 2003-04-02 17:22:06 EST
Is this still the case?
Comment 2 Chip Turner 2003-04-11 17:04:36 EDT
perl in RH9 addresses the perldoc issues.

Note You need to log in before you can comment on or make changes to this bug.