Skip Menu |

Preferred bug tracker

Please visit the preferred bug tracker to report your issue.

This queue is for tickets about the Mail-Audit CPAN distribution.

Report information
The Basics
Id: 27307
Status: resolved
Priority: 0/
Queue: Mail-Audit
People
Owner: Nobody in particular
Requestors: k.heinz-cpan [...] kh-22.de
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)

History Show all quoted text
  Sun May 27 17:41:17 2007 k.heinz-cpan [...] kh-22.de - Ticket created
Subject: still insecure /tmp usage in Mail::Audit?
Date: Sun, 27 May 2007 23:40:45 +0200
To: bug-Mail-Audit [...] rt.cpan.org
From: Klaus Heinz <k.heinz-cpan [...] kh-22.de>
[ I report this through by direct mail because the §$%§§$% bitcard authentication is still broken after more than 10 months :-/ ] Hi, as far as I can see, one of the issues concerning temporary files reported in the Debian BTS http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=344029 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=350954 is _not_ resolved in the latest version 2.218 of Mail::Audit (the issue concerning MimeEntity.pm is fixed in 2.218, see also rt.cpan.org #1794). It is still possible to create a symlink with a predictable name (eg /tmp/1234-audit.log for user id 1234) pointing to some other file and Mail::Audit will happily write to that file (in Audit.pm) when a loglevel is specified but no filename for the log file. I can reproduce the problem on NetBSD/i386 3.1, Perl 5.8.7 and Mail::Audit 2.218. ciao Klaus Heinz
  Thu May 31 15:23:42 2007 rjbs [...] cpan.org - Correspondence added
Subject: Re: [rt.cpan.org #27307] still insecure /tmp usage in Mail::Audit?
Date: Thu, 31 May 2007 15:23:20 -0400
To: Klaus Heinz via RT <bug-Mail-Audit [...] rt.cpan.org>
From: Ricardo SIGNES <rjbs [...] cpan.org>
* Klaus Heinz via RT <bug-Mail-Audit@rt.cpan.org> [2007-05-27T17:41:18] Show quoted text
> as far as I can see, one of the issues concerning temporary files reported > in the Debian BTS > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=344029 > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=350954 > > is _not_ resolved in the latest version 2.218 of Mail::Audit (the issue > concerning MimeEntity.pm is fixed in 2.218, see also rt.cpan.org #1794).
This is the first I've heard of it. There's been a lot to work through with Mail::Audit, and it's been a low priority. I'll check it out soon. Patches welcome! :) -- rjbs
  Thu May 31 15:23:44 2007 The RT System itself - Status changed from 'new' to 'open'
  Thu Jun 14 18:26:45 2007 rjbs [...] cpan.org - Correspondence added
fixed in svn -- rjbs
  Thu Jun 14 18:26:47 2007 rjbs [...] cpan.org - Status changed from 'open' to 'resolved'