Skip Menu |

This queue is for tickets about the DBD-mysql CPAN distribution.

Report information
The Basics
Id: 30646
Status: resolved
Priority: 0/
Queue: DBD-mysql
People
Owner: Nobody in particular
Requestors: ANDK [...] cpan.org
Cc:
AdminCc:
Bug Information
Severity: Normal
Broken in: 4.005
Fixed in: (no value)

History Show all quoted text
  Sun Nov 11 03:28:00 2007 ANDK [...] cpan.org - Ticket created
Subject: Cleaning up /tmp directory; predictable tmp filename
Several tests write into a file /tmp/trace.log. This is an easily exploitable security hole when people are running the tests as root. Possible solutions: - Write to ./trace.log - use File::Temp (with CLEANUP=>1) Thanks,
  Sun Nov 11 21:18:28 2007 CAPTTOFU [...] cpan.org - Correspondence added
From: CAPTTOFU [...] cpan.org
On Sun Nov 11 03:28:00 2007, ANDK wrote: Show quoted text
> Several tests write into a file /tmp/trace.log. This is an easily > exploitable security hole when people are running the tests as root. > > Possible solutions: > > - Write to ./trace.log > > - use File::Temp (with CLEANUP=>1) > > Thanks,
Thank you! Yes, working on getting out a release as we speak (and putting out fires!). This will be fixed in 4.006.
  Sun Nov 11 21:18:31 2007 The RT System itself - Status changed from 'new' to 'open'
  Wed Dec 05 22:05:32 2007 CAPTTOFU [...] cpan.org - Correspondence added
This will be fixed this week. I'm releasing 4.006. On Sun Nov 11 21:18:28 2007, CAPTTOFU wrote: Show quoted text
> On Sun Nov 11 03:28:00 2007, ANDK wrote:
> > Several tests write into a file /tmp/trace.log. This is an easily > > exploitable security hole when people are running the tests as root. > > > > Possible solutions: > > > > - Write to ./trace.log > > > > - use File::Temp (with CLEANUP=>1) > > > > Thanks,
> > > Thank you! > > Yes, working on getting out a release as we speak (and putting out
fires!). Show quoted text
> > This will be fixed in 4.006.
  Mon Jan 28 23:54:26 2008 ANDK [...] cpan.org - Correspondence added
It is not fixed in 4.006, I still find 2008-01-29T05:51:57 283606 /tmp/trace.txt Thanks,
  Tue Oct 26 11:59:42 2010 CAPTTOFU [...] cpan.org - Correspondence added
I removed all trace log output - this shouldn't be in any test suite - sloppy housekeeping on my part.
  Tue Oct 26 11:59:42 2010 CAPTTOFU [...] cpan.org - Status changed from 'open' to 'resolved'