Andres Salomon noticed a problem in the CGI session management of Ruby. CGI::Session's FileStore implementations store session information insecurely. They simply create files, ignoring permission issues. The added patch fixes this issue. ok pvalchev@
13 lines
352 B
Plaintext
$OpenBSD: patch-lib_cgi_session_rb,v 1.1 2004/08/17 16:03:10 robert Exp $
--- lib/cgi/session.rb.orig Tue Aug 17 02:31:13 2004
+++ lib/cgi/session.rb Tue Aug 17 02:34:18 2004
@@ -372,7 +372,7 @@
begin
@f = open(path, "r+")
rescue Errno::ENOENT
- @f = open(path, "w+")
+ @f = File.open(path, File::CREAT|File::RDWR, 0600)
end
end
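Review bot: the new line `+ @f = File.open(path, File::CREAT|File::RDWR, 0600)` fixes the mode of a freshly created session file but still leaves a window in the `rescue Errno::ENOENT` branch: if something creates `path` (a regular file or a symlink) between the failed `open(path, "r+")` and this call, `File::CREAT` without `File::EXCL` simply opens the pre-existing file, and the 0600 mode is only applied at creation time, so that file keeps whatever permissions and ownership the other party gave it. Suggest `File.open(path, File::CREAT|File::EXCL|File::RDWR, 0600)` so the create fails with `Errno::EEXIST` rather than silently reusing a file the session store did not create; the rescue clause already narrows the fallback to the case where the file was absent a moment earlier, so `EXCL` is the natural complement. The 0600 value itself is still subject to the process umask, which can only remove bits, so that part of the change is fine.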