samsonfung11 / fern-wifi-cracker

Automatically exported from code.google.com/p/fern-wifi-cracker
0 stars 0 forks source link

Security vulnerability: Fern may create world-readable temporary files and directories in `/tmp`. #72

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
In several locations throughout the code, Fern creates temporary directories
and files in `/tmp`. Depending on the process's file creation mask, these
temporary directories and files may be world-reable. They should not be.

Preferably, the temporary directories should have the permissions 700 and the
temporary files should have the permissions 600.

You can set the directory permissions like so:

    os.mkdir('/tmp/fern-log/WEP-DUMP', 0700)

And you can set the file permissions like so:

    os.close(os.open('/tmp/fern-log/WEP-DUMP/wep_dump', os.O_CREAT, 0600))

This bug is present in Fern revision 217 and earlier.

Original issue reported on code.google.com by TeitelmanEvan@gmail.com on 22 Jul 2013 at 11:35

GoogleCodeExporter commented 9 years ago
Bug has been fixed, Thank you very much for the report :)

Original comment by saviob...@rocketmail.com on 23 Jul 2013 at 5:38