BugTraq
Zip 2,31 bad default file-permissions vulnerability Aug 02 2005 10:22PM
Imran Ghory (imranghory gmail com) (1 replies)
Re: Zip 2,31 bad default file-permissions vulnerability Aug 04 2005 08:53AM
Lupe Christoph (lupe lupe-christoph de)
Quoting Imran Ghory <imranghory (at) gmail (dot) com [email concealed]>:

> A zip file created by Zip 2.3.1 has the permissions 644 by default,
> Therefore any file compressed becomes world readable.

Zip 2.3 works correctly:
$ (umask 0; zip test.zip feedlist.opml; ls -l test.zip; rm test.zip)
adding: feedlist.opml (deflated 80%)
-rw-rw-rw- 1 lupe lupe 3156 Aug 4 10:52 test.zip
$ (umask 077; zip test.zip feedlist.opml; ls -l test.zip; rm test.zip)
adding: feedlist.opml (deflated 80%)
-rw------- 1 lupe lupe 3156 Aug 4 10:52 test.zip

HTH,
Lupe Christoph
--
| lupe (at) lupe-christoph (dot) de [email concealed] | http://www.lupe-christoph.de/ |
| "... putting a mail server on the Internet without filtering is like |
| covering yourself with barbecue sauce and breaking into the Charity |
| Home for Badgers with Rabies. Michael Lucas |

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus