This queue is for tickets about the Mail-Audit CPAN distribution.

Report information
The Basics
Id: 1794
Status: resolved
Priority: 0/
Queue: Mail-Audit

People
Owner: Nobody in particular
Requestors: lumpy+cpan [...] the.whole.net
Cc:
AdminCc:

Bug Information
Severity: Important
Broken in: (no value)
Fixed in: (no value)



Subject: Insecure /tmp usage in Mail::Audit
I was just about to reinstall Mail::Audit on a server that had a much older version. I noticed that in the current code, it creates terribly insecure temporary files that can no doubt be raced by users to do nasty things.

    $MIME_PARSER_TMPDIR = "/tmp/".getpwuid($>)."-mailaudit";
    ...
    mkdir ($MIME_PARSER_TMPDIR, 0777);
    if (! -d $MIME_PARSER_TMPDIR) { $MIME_PARSER_TMPDIR = "/tmp" }
    $parser->output_under($MIME_PARSER_TMPDIR);

I just thought it was worth reporting, but Mail::Audit is fantastic. Thanks for writing it.
fixed in subversion-- rjbs
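
The pattern reported in this ticket (a predictable name under /tmp, mkdir with mode 0777, and a silent fallback to /tmp itself) next to a hardened alternative, as an added example that is not Mail::Audit's code and not necessarily the fix that was committed. The function names unsafe_reason and private_parser_dir are hypothetical, the directories are constructed in a private sandbox, and a POSIX system is assumed.

```perl
#!/usr/bin/perl
# Added example, not Mail::Audit's code. Function names are hypothetical.
use strict;
use warnings;
use File::Temp qw(tempdir);
use File::Spec;
use Fcntl qw(:mode);

# Return a reason string if $dir is unsafe as a private scratch directory,
# or undef if it is a real directory we own with no group/other access.
sub unsafe_reason {
    my ($dir) = @_;
    my @st = lstat($dir)            # lstat: do not follow a planted symlink
        or return "cannot lstat: $!";
    return "is a symlink"        if S_ISLNK($st[2]);
    return "not a directory"     unless S_ISDIR($st[2]);
    return "owned by uid $st[4]" unless $st[4] == $>;
    return sprintf("mode %04o allows group/other access", $st[2] & 07777)
        if $st[2] & 0077;
    return;
}

# Hardened replacement: random name, created atomically with mode 0700 by
# File::Temp, and a hard failure instead of falling back to shared /tmp.
# The result is what would be handed to $parser->output_under(...).
sub private_parser_dir {
    my $dir = tempdir("mailaudit-XXXXXXXX", TMPDIR => 1, CLEANUP => 1);
    if (defined(my $why = unsafe_reason($dir))) {
        die "refusing to use $dir: $why\n";
    }
    return $dir;
}

# Demonstration on constructed directories inside a private sandbox.
my $sandbox = tempdir(CLEANUP => 1);
my $legacy  = File::Spec->catdir($sandbox, "user-mailaudit");
mkdir($legacy, 0777) or die "mkdir: $!";
chmod(0777, $legacy) or die "chmod: $!";   # make the mode independent of umask
my $link = File::Spec->catdir($sandbox, "planted");
symlink($sandbox, $link) or die "symlink: $!";

for my $d ($legacy, $link, private_parser_dir()) {
    my $why = unsafe_reason($d);
    printf "%-8s %s%s\n", defined $why ? "UNSAFE" : "ok", $d,
        defined $why ? " ($why)" : "";
}
```

The same lstat check can be run against an existing per-user directory before reusing it, which covers the case where another local user created the predictable path first.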