Closed JLLeitschuh closed 2 years ago
Hi @JLLeitschuh, thanks for submitting this request; I'll take a look
Thanks! Added the following to the top issue:
NOTE: This is NOT temporary directory hijacking. However, the end-result directory would be world-readable, thus the change made would not have fixed the underlying information disclosure security issue.
@JLLeitschuh This looks like a more appropriate recipe for this security vulnerability UseFilesCreateTempDirectory UseFilesCreateTempDirectory Tests
Fixed by 5fef333
This is accurate
Problem
SecureTempFileCreation
fixes wrong problem in the presence of insecure temporary directory creation.Example diff
NOTE: This is NOT temporary directory hijacking. However, the end-result directory would be world-readable, thus the change made would not have fixed the underlying information disclosure security issue.
Expected Diff
Recipes in example diff:
References:
1sI1z