Sven Dowideit wrote:
> neat summary Joey :)
>
> The reason that I made it world writeable, is that twiki cgi's can be
> run from the command line by anyone, and in doing so, create a session
> file.
>
> This is used by cronjobs, and so that users can script additions to
> topics etc.

Making the temporary directory mode 1777 would not prevent that, but would prevent users from deleting and replacing twiki temp files. That and making the opens use O_EXCL, would cover the security issues I mentioned.

-- 
see shy jo