|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Zip 2,31 bad default file-permissions vulnerability
From: Lupe Christoph (lupe
lupe-christoph.de)
Date: Thu Aug 04 2005 - 03:53:55 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Quoting Imran Ghory <imranghorygmail.com>:
> A zip file created by Zip 2.3.1 has the permissions 644 by default,
> Therefore any file compressed becomes world readable.
Zip 2.3 works correctly:
$ (umask 0; zip test.zip feedlist.opml; ls -l test.zip; rm test.zip)
adding: feedlist.opml (deflated 80%)
-rw-rw-rw- 1 lupe lupe 3156 Aug 4 10:52 test.zip
$ (umask 077; zip test.zip feedlist.opml; ls -l test.zip; rm test.zip)
adding: feedlist.opml (deflated 80%)
-rw------- 1 lupe lupe 3156 Aug 4 10:52 test.zip
HTH,
Lupe Christoph
--
| lupelupe-christoph.de | http://www.lupe-christoph.de/ |
| "... putting a mail server on the Internet without filtering is like |
| covering yourself with barbecue sauce and breaking into the Charity |
| Home for Badgers with Rabies. Michael Lucas |
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]