| version 1.15, 2001/03/19 16:38:22 |
version 1.16, 2001/03/22 10:43:35 |
|
|
| <ul> |
<ul> |
| <a name=readline></a> |
<a name=readline></a> |
| <li><font color=#009000><strong>040: SECURITY FIX: Mar 18, 2001</strong></font><br> |
<li><font color=#009000><strong>040: SECURITY FIX: Mar 18, 2001</strong></font><br> |
| The readline library shipped with OpenBSD allows history files creation with |
The readline library shipped with OpenBSD allows history files creation |
| a permissive umask. This can lead to the leakage of sensitive information |
with a permissive |
| in applications that use passwords and the like during user interaction |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=umask&sektion=2">umask(2)</a>. |
| (one such application is mysql). Additionally, if the HOME environment |
This can lead to the leakage of sensitive information in applications |
| variable is not set, the current working directory is used; this patch |
that use passwords and the like during user interaction (one such |
| disables the history file if HOME is not set.<br> |
application is mysql). Additionally, if the HOME environment variable |
| |
is not set, the current working directory is used; this patch disables |
| |
the history file if HOME is not set.<br> |
| <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/040_readline.patch |
<a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/040_readline.patch |
| ">A source code patch exists which remedies the problem.</a><br> |
">A source code patch exists which remedies the problem.</a><br> |
| <p> |
<p> |
![[BACK]](/icons/back.gif){kind=icon}
Return to errata27.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www