diff options
author | Sawyer X <xsawyerx@cpan.org> | 2016-04-06 13:27:42 +0100 |
---|---|---|
committer | Steve Hay <steve.m.hay@googlemail.com> | 2016-04-06 13:28:00 +0100 |
commit | 344957d5a31c3d79d195b7877d4b51ac69c7cc6d (patch) | |
tree | da51e7ebc42510b5d1fc30ff64acf524961822bd | |
parent | 8b72f15d288dad778af5a1477f8742c09a8574d4 (diff) | |
download | perl-344957d5a31c3d79d195b7877d4b51ac69c7cc6d.tar.gz |
Document e57270be442bfaa9dc23eebd67485e5a806b44e3:
I wasn't sure where or how much of it to document, but it seems
like it's important, and this relating to permissions not being
removed, I consider it security-related. This is similiar to what
the original Debian ticket that relates to it mentioned.
I've cut Niko's text a bit shorter, taken from the commit message
itself.
(cherry picked from commit 07450df75585c03dda7c25f07a88139918aeb0ea)
-rw-r--r-- | pod/perldelta.pod | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/pod/perldelta.pod b/pod/perldelta.pod index f3d55df368..12841aae82 100644 --- a/pod/perldelta.pod +++ b/pod/perldelta.pod @@ -39,6 +39,19 @@ L<[perl #126755]|https://rt.perl.org/Ticket/Display.html?id=126755> This is CVE-2015-8607. For more information see L<[perl #126862]|https://rt.perl.org/Ticket/Display.html?id=126862> +=head2 Set proper umask before calling C<mkstemp(3)> + +In 5.22 perl started setting umask to 0600 before calling C<mkstemp(3)> +and restoring it afterwards. This wrongfully tells open(2) to strip +the owner read and write bits from the given mode before applying it, +rather than the intended negation of leaving only those bits in place. + +Systems that use mode 0666 in C<mkstemp(3)> (like old versions of +glibc) createa a file with permissions 0066, leaving world read and +write permissions regardless of current umask. + +This has been fixed by using umask 0177 instead. [perl #127322] + =head1 Incompatible Changes XXX For a release on a stable branch, this section aspires to be: |