9/14/25
Comment on [#11756] security: do not use sys_get_temp_dir()
> Horde places files with hardcoded names (e.g. 'horde_cache_gc' or
> 'passwd.lock') into the directory returned by sys_get_temp_dir().
> Unfortunately, this function is broken by returning always the
> world-writable /tmp directory and there is no way to change this (I
> am aware of modifying the TMPDIR environment variable, but this
> requires changes in the apache startup script affecting the whole
> apache server inclusive unrelated vhosts).
>
> Having cache data in /tmp requires to add this directory to
> 'open_basedir' which opens vectors for other security holes.
>
> There are functional problems too when different vhosts with perhaps
> different horde versions are accessing the same /tmp/horde_cache_gc
> file.
>
> You should replace all occurrences of sys_get_temp_dir() with a
> utility function which returns e.g.
>
> | getenv('TMPDIR') ? getenv('TMPDIR') : sys_get_temp_dir()
>
> So, TMPDIR can be configured per vhost/directory in the apache configuration.
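
The helper the ticket asks for, as an added example that is not part of the ticket or of Horde's code: it resolves the directory from TMPDIR with the sys_get_temp_dir() fallback and opens a fixed-name file without trusting anything another local user may have placed under that name. The function names `example_temp_dir()` and `example_open_fixed()` and the file name `example_passwd.lock` are hypothetical; a POSIX host with PHP's posix extension is assumed.

```php
<?php
// Added example, not Horde code: example_temp_dir() and example_open_fixed()
// are hypothetical helpers. Assumes a POSIX host with the posix extension.

// Prefer a TMPDIR set for this vhost, else fall back to sys_get_temp_dir(),
// as the ticket proposes; reject an override that is not a usable directory.
function example_temp_dir(): string
{
    $override = getenv('TMPDIR');
    if ($override === false || $override === '') {
        return sys_get_temp_dir();
    }
    $dir = realpath($override);
    if ($dir === false || !is_dir($dir) || !is_writable($dir)) {
        throw new RuntimeException("TMPDIR is not a writable directory: $override");
    }
    return $dir;
}

// Open a fixed-name file such as 'passwd.lock' without trusting whatever
// another local user may have planted under that name in a shared directory.
function example_open_fixed(string $name)
{
    $path = example_temp_dir() . DIRECTORY_SEPARATOR . basename($name);
    $old = umask(0077);                 // new file is created owner-only
    $fh = @fopen($path, 'x+');          // exclusive create: fails if the name exists
    umask($old);
    if ($fh !== false) {
        return $fh;
    }
    // Name already exists: accept it only if it is a regular file we own.
    $before = @lstat($path);
    if ($before === false || ($before['mode'] & 0170000) !== 0100000
        || $before['uid'] !== posix_geteuid()) {
        throw new RuntimeException("Refusing pre-existing file: $path");
    }
    $fh = fopen($path, 'c+');
    $after = $fh ? fstat($fh) : false;
    // Compare device/inode so a swap between lstat() and fopen() is detected.
    if ($after === false || $after['dev'] !== $before['dev'] || $after['ino'] !== $before['ino']) {
        throw new RuntimeException("File changed while opening: $path");
    }
    return $fh;
}

putenv('TMPDIR=' . sys_get_temp_dir());  // constructed demo value
$fh = example_open_fixed('example_passwd.lock');
echo 'opened ', stream_get_meta_data($fh)['uri'], PHP_EOL;
fclose($fh);
```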