[Freedombox-discuss] secure UUIDs
Quoting Tim Retout (2013-07-22 10:06:56)
> On 21 Jul 2013 00:05, "Jonas Smedegaard" <dr at jones.dk> wrote:
>> As mentioned in my previous reply I am working on getting the proper
>> CPAN Data::UUID in Debian, so would be great if you could similarly
>> take a look at that.
> I do not trust CPAN's Data::UUID for other reasons - I filed RT bug
> #69277 a while ago (symlink attack):
> This was while working on Debian bug #632608:
> In short, Data::UUID does not work well on multi-user systems. I seem
> to recall that every user after the first to use the module will end
> up ignoring whatever it was storing in /tmp. I can't see anything in
> the changelog that has addressed this.
You just educated me to inspect bugtrackers more closely: Perhaps if
you'd not closed the Debian bug but left open and tagged as wontfix,
then I'd noticed it when making a move now - but that doesn't excuse my
lack of looking at upstream bugtracker(s - there are more than one!).
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 490 bytes