Security vulnerability: Fern may create world-readable temporary files and directories in `/tmp`.

[GoogleCodeExporter]

In several locations throughout the code, Fern creates temporary directories
and files in `/tmp`. Depending on the process's file creation mask, these
temporary directories and files may be world-reable. They should not be.

Preferably, the temporary directories should have the permissions 700 and the
temporary files should have the permissions 600.

You can set the directory permissions like so:

    os.mkdir('/tmp/fern-log/WEP-DUMP', 0700)

And you can set the file permissions like so:

    os.close(os.open('/tmp/fern-log/WEP-DUMP/wep_dump', os.O_CREAT, 0600))

This bug is present in Fern revision 217 and earlier.

Original issue reported on code.google.com by TeitelmanEvan@gmail.com on 22 Jul 2013 at 11:35

[GoogleCodeExporter]

Bug has been fixed, Thank you very much for the report :)

Original comment by saviob...@rocketmail.com on 23 Jul 2013 at 5:38

• Added labels: ****
• Removed labels: ****