Closed Bug 58690 Opened 24 years ago Closed 24 years ago

/tmp/formpost* files are left behind and are readable by all

Categories

(SeaMonkey :: General, defect, P3)

x86
Linux
defect

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 15320

People

(Reporter: sspitzer, Assigned: pollmann)

Details

(Keywords: relnote, Whiteboard: relnote-user [rtm need info])

the code is in mozilla/layout/html/forms/src/nsFormFrame.cpp

[seth@sspitzer /tmp]$ ls -al formpost*
-rw-rw-r-- 1 seth seth 2708 Oct 28 13:51 formpost
-rw-rw-r-- 1 seth seth 59244 Oct 30 20:43 formpost-10
-rw-rw-r-- 1 seth seth 7979 Oct 23 14:01 formpost-2
-rw-rw-r-- 1 seth seth 828 Oct 25 17:02 formpost-3
-rw-rw-r-- 1 seth seth 8178 Oct 25 17:03 formpost-4
-rw-rw-r-- 1 seth seth 9041 Oct 30 11:36 formpost-5
-rw-rw-r-- 1 seth seth 1950 Oct 30 11:49 formpost-6
-rw-rw-r-- 1 seth seth 26164 Oct 30 14:00 formpost-7
-rw-rw-r-- 1 seth seth 35243 Oct 30 16:17 formpost-8
-rw-rw-r-- 1 seth seth 2202 Oct 30 18:36 formpost-9
could this be called a security hole? pdt loves those.
relnote: Please map your temp directory into your homedir. Then pray that umask solves this. Sorry: I couldn't find my way around that paper bag.
Severity: normal → critical
Keywords: mozilla0.9, relnote, rtm
Whiteboard: relnote-user
It's definitely a security hole on any sort of multiuser system... Especially one that has multiple users routinely logged in at the same time. Do the formpost files get saved for all form submissions? Including ones done over SSL? If so, then these files could contain very sensitive information...
according to mscott, this is a duplicate of another of pollmann's bugs. I think we should fix the permissions and remove the files.
Whiteboard: relnote-user → relnote-user [rtm need info]
These files will only get created for file upload (multipart/form-data), *not* general form post. That means about 99% of the forms you post will not leave these kinds of files around.

Scott is right, this is a duplicate of bug 15320. The idea is to not create these files at all, though this will be a significant amount of rewrite to move the form post header generation logic over to necko. In fact, adding logic to remove them will also be a significant amount of rewrite - possibly more than just not creating them... Marking this a duplicate.

*** This bug has been marked as a duplicate of 15320 ***
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → DUPLICATE
Product: Browser → Seamonkey
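
Added example, not taken from this bug or from Mozilla's source: a C sketch of the two properties the thread asks for, a spool file that only its owner can read and that leaves no name behind in /tmp. The helper name open_private_spool and the use of /tmp are assumptions, and it presumes the caller can keep working through the open file descriptor.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for mkstemp() and fchmod() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not a Mozilla function): open a private spool file
 * for an upload body under `dir`. Returns an fd or -1. *mode_out receives
 * the file's permission bits; path_out receives the name it briefly had. */
int open_private_spool(const char *dir, mode_t *mode_out,
                       char *path_out, size_t path_len)
{
    struct stat st;
    int n = snprintf(path_out, path_len, "%s/formpost-XXXXXX", dir);
    if (n < 0 || (size_t)n >= path_len)
        return -1;

    /* mkstemp() picks an unused name and creates the file exclusively,
     * instead of a counter-based name such as formpost-10. */
    int fd = mkstemp(path_out);
    if (fd < 0)
        return -1;

    /* Set 0600 on the descriptor instead of relying on umask or the libc. */
    if (fchmod(fd, S_IRUSR | S_IWUSR) != 0 || fstat(fd, &st) != 0 ||
        unlink(path_out) != 0) {   /* drop the name: nothing is left behind */
        unlink(path_out);
        close(fd);
        return -1;
    }
    *mode_out = st.st_mode & 07777;
    return fd;   /* data stays reachable through fd until close() */
}

int main(void)
{
    char path[4096];
    mode_t mode;
    int fd = open_private_spool("/tmp", &mode, path, sizeof path);
    if (fd < 0) { perror("open_private_spool"); return 1; }
    printf("mode %04o, name removed: %s\n", (unsigned)mode,
           access(path, F_OK) != 0 ? "yes" : "no");
    close(fd);
    return 0;
}
```

Because the name is unlinked while the descriptor is still open, the kernel frees the data when the descriptor is closed or the process exits, including after a crash.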