Skip Menu |

Preferred bug tracker

Please visit the preferred bug tracker to report your issue.

This queue is for tickets about the Data-UUID CPAN distribution.

Report information
The Basics
Id: 69277
Status: rejected
Priority: 0/
Queue: Data-UUID

People
Owner: Nobody in particular
Requestors: tim [...] retout.co.uk
Cc:
AdminCc:

Bug Information
Severity: Critical
Broken in: 1.217
Fixed in: (no value)



Subject: Insecure usage of /tmp/.UUID_STATE
A symlink attack via Data::UUID seems to be possible. As user2: ln -s /home/user1/test-file /tmp/.UUID_STATE As user1: perl -MData::UUID -e 'Data::UUID->new' Then /home/user1/test-file is overwritten. I could not achieve the same result via /tmp/.UUID_NODEID, but I have not studied this carefully.
Reposted at https://github.com/rjbs/Data-UUID/issues/5 which is now the preferred bug tracker.
Thanks. As it's now there, I'm closing it here. -- rjbs