PSPP-BUG: [bug #15723] HTML driver creates .png files insecurely

bug-gnu-pspp

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

PSPP-BUG: [bug #15723] HTML driver creates .png files insecurely

From:	Ben Pfaff
Subject:	PSPP-BUG: [bug #15723] HTML driver creates .png files insecurely
Date:	Sun, 12 Feb 2006 09:38:22 -0800
User-agent:	Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050513 Debian/1.7.8-1

URL:
  <http://savannah.gnu.org/bugs/?func=detailitem&item_id=15723>

                 Summary: HTML driver creates .png files insecurely
                 Project: PSPP
            Submitted by: blp
            Submitted on: Sun 02/12/06 at 09:38
                Category: Output Driver
                Severity: 7 - Major
                  Status: None
             Assigned to: None
             Open/Closed: Open
                 Release: None
                  Effort: 0.00

    _______________________________________________________

Details:

The HTML driver creates .png files in /tmp in predictable names without using
O_EXCL, so it is a security hole.  It should instead use O_EXCL or create them
in the same directory as the .html file.






    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?func=detailitem&item_id=15723>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/

[Prev in Thread]

Current Thread

[Next in Thread]

PSPP-BUG: [bug #15723] HTML driver creates .png files insecurely, Ben Pfaff <=

Prev by Date: PSPP-BUG: [bug #15704] COUNT command should accept a variable list.
Next by Date: PSPP-BUG: [bug #15756] Auxilliary variable parameter records doco
Previous by thread: PSPP-BUG: [bug #15704] COUNT command should accept a variable list.
Next by thread: PSPP-BUG: [bug #15756] Auxilliary variable parameter records doco
Index(es):
- Date
- Thread