[Freedombox-discuss] secure UUIDs
On 21 Jul 2013 00:05, "Jonas Smedegaard" <dr at jones.dk> wrote:
> Quoting Tim Retout (2013-07-21 00:25:16)
> > On 20 Jul 2013 23:01, "Tim Retout" <diocles at debian.org> wrote:
> As mentioned in my previous reply I am working on getting the proper
> CPAN Data::UUID in Debian, so would be great if you could similarly take
> a look at that.
I do not trust CPAN's Data::UUID for other reasons - I filed RT bug #69277
a while ago (symlink attack):
This was while working on Debian bug #632608:
In short, Data::UUID does not work well on multi-user systems. I seem to
recall that every user after the first to use the module will end up
ignoring whatever it was storing in /tmp. I can't see anything in the
changelog that has addressed this.
-------------- next part --------------
An HTML attachment was scrubbed...