FS#291 - World-readable and writable cookie jar
Attached to Project:
Uzbl
Opened by Luca Bruno (kaeso) - 2012-02-11 01:11:03 PM
Last edited by Brendan Taylor (bct) - 2012-07-23 11:49:28 PM
Details

From Debian bugtracker:

> $ ls -ld ~/.local/{,share/{,uzbl/{,cookies.txt}}}
> drwxr-xr-x 3 user users 4096 Feb 9 23:29 /home/user/.local/
> drwxr-xr-x 4 user users 4096 Feb 9 23:29 /home/user/.local/share/
> drwxr-xr-x 2 user users 4096 Feb 9 23:29 /home/user/.local/share/uzbl/
> -rw-rw-rw- 1 user users 732 Feb 9 23:29 /home/user/.local/share/uzbl/cookies.txt
>
> This allows local users to steal cookies (and tamper with them).

This has been reported as Debian bug #659379: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659379

A CVE request is currently pending and a CVE id should be issued soon: http://seclists.org/oss-sec/2012/q1/414
Closed by Brendan Taylor (bct)
2012-07-23 11:49:28 PM
Reason for closing: Fixed
Additional comments about closing: this was fixed in the May release
I cooked a quick patch for cookie plugin handler, for which a pull request is pending:
https://github.com/Dieterbe/uzbl/pull/76
I'd be glad if you could please review and fix.
I'm going to upload this in a couple of days, if no objections.
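
The permission problem in the report and one way to close it, as an added example that is not part of the bug report or of the pull request linked above: it detects group/other bits on a cookie jar and rewrites the jar with mode 0600. The function names and the scratch file are assumptions made for illustration; this is not Uzbl's code.

```python
import os
import stat
import tempfile

# Permission bits that give group or other users any access to the file.
EXPOSED = stat.S_IRWXG | stat.S_IRWXO

def exposed_bits(path):
    """Return the group/other permission bits set on path (0 means private)."""
    return stat.S_IMODE(os.stat(path).st_mode) & EXPOSED

def write_jar_private(path, data):
    """Write a cookie jar that only its owner can read or write.

    The mode given to os.open() applies when the file is created, so the
    result does not depend on a permissive umask. fchmod() handles a jar
    that already exists with loose bits such as the 0666 in the report.
    """
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as jar:
        # Tighten the mode before any cookie data is written.
        os.fchmod(jar.fileno(), 0o600)
        jar.write(data)

def demo():
    """Reproduce the reported mode on a scratch file, then tighten it."""
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "cookies.txt")
    # Constructed stand-in for the jar in the report, forced to mode 0666.
    with open(path, "w") as f:
        f.write("# constructed sample jar\n")
    os.chmod(path, 0o666)
    before = exposed_bits(path)
    write_jar_private(path, "# constructed sample jar\n")
    after = exposed_bits(path)
    return before, after, path

if __name__ == "__main__":
    before, after, path = demo()
    print(f"{path}: exposed bits before {before:03o}, after {after:03o}")
```

The parent directories in the listing are mode 0755, so the file mode is the only thing protecting the jar from other local users; setting `~/.local/share/uzbl/` to 0700 adds a second barrier.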