15 Mar
2005
15 Mar
'05
12:46 p.m.
Alexandre Julliard julliard@winehq.org writes:
Marcus Meissner meissner@suse.de writes:
--- server/registry.c 10 Mar 2005 11:18:31 -0000 1.63 +++ server/registry.c 14 Mar 2005 16:38:54 -0000 @@ -1610,7 +1610,7 @@ for (;;) { sprintf( p, "reg%lx%04x.tmp", (long) getpid(), count++ );
if ((fd = open( tmp, O_CREAT | O_EXCL | O_WRONLY, 0666 )) != -1) break;
if ((fd = open( tmp, O_CREAT | O_EXCL | O_WRONLY, 0600 )) != -1) break;That one is not in /tmp, it's in the user's home directory.
Home directories are group readable on many sites, so to prevent information leakage 0600 would still be prudent.
--
Peter Bortas http://peter.bortas.org