
This queue is for tickets about the Test-Bomb CPAN distribution.

Report information
The Basics
Id: 100486
Status: open
Priority: 0/
Queue: Test-Bomb

People
Owner: Nobody in particular
Requestors: ANDK [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: 0.007
Fixed in: (no value)



Subject: Security: Test generates predictable filename in /tmp
Today I took a glance at the source of t/Bomb.t for a (probably unrelated) separate issue, and discovered that the test creates a file in /tmp with a predictable filename:

https://metacpan.org/source/DAV/Test-Bomb-0.007/t/Bomb.t#L7
https://metacpan.org/source/DAV/Test-Bomb-0.007/t/Bomb.t#L12
https://metacpan.org/source/DAV/Test-Bomb-0.007/t/Bomb.t#L108

May I suggest that this be amended to use File::Temp to produce (1) unpredictable files? Predictable filenames in /tmp have rather nasty security implications when people run the tests as root, so they should be avoided. You can read up on the topic at http://www.linuxsecurity.com/content/view/115462/151/

Thanks!
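As an added illustration (not code from Test-Bomb or from the reporter), here is a constructed Perl sketch of the fixed-path pattern the ticket describes next to the File::Temp form it recommends; the path name and helper names are hypothetical, chosen for this example only.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempfile);

# Constructed stand-in for the pattern the ticket describes: a fixed,
# guessable path under /tmp. Anything already present at that path
# (a file or a symlink left by another local user) is reused or
# followed when the test opens it, which is exactly the problem when
# the test suite runs as root. Name is hypothetical.
sub predictable_tmp_path {
    return "/tmp/test-bomb-output";    # identical on every run
}

# Hardened form: File::Temp chooses a random name, creates it with
# O_CREAT|O_EXCL so the open fails instead of reusing an existing
# path, and removes it when the process exits.
sub make_scratch_file {
    my ($fh, $path) = tempfile(
        "test-bomb-XXXXXXXX",   # template; each X becomes a random char
        TMPDIR => 1,            # place it under File::Spec->tmpdir
        UNLINK => 1,            # delete it at process exit
    );
    return ($fh, $path);
}

# If a fixed path really is required, the minimum is an exclusive
# create: sysopen with O_EXCL fails when anything already exists at
# $path rather than silently writing through it.
sub open_exclusively {
    my ($path) = @_;
    sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, 0600)
        or return undef;       # caller must treat "exists" as an error
    return $fh;
}

my ($fh, $path) = make_scratch_file();
print $fh "constructed scratch data for the test\n";
close $fh or die "close $path: $!";
print "wrote scratch file $path (removed at exit)\n";
```

Running it under a normal user shows the random name File::Temp picks; the `open_exclusively` helper is the fallback for code that cannot change its path but still needs to refuse a pre-existing entry.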
Thanks for the suggestion. I'll see about getting this fixed in the next couple of days.