dogtail-devel [Bug 593190] New: creates log files in shared directory with fixed name (/tmp/dogtail)

From: dogtail (bugzilla.gnome.org) <bugzilla gnome org>
To: dogtail-devel-list gnome org
Subject: dogtail-devel [Bug 593190] New: creates log files in shared directory with fixed name (/tmp/dogtail)
Date: Wed, 26 Aug 2009 17:34:25 -0000

http://bugzilla.gnome.org/show_bug.cgi?id=593190

           Summary: creates log files in shared directory with fixed name
                    (/tmp/dogtail)
    Classification: Other
           Product: dogtail
           Version: CVS HEAD
        OS/Version: All
            Status: UNCONFIRMED
          Severity: major
          Priority: Normal
         Component: Framework
        AssignedTo: dogtail-maint gnome bugs
        ReportedBy: sascha-web-bugzilla gnome org silbe org
         QAContact: dogtail-maint gnome bugs
      GNOME target: ---
     GNOME version: ---


--- Comment #0 from Sascha Silbe <sascha-web-bugzilla gnome org silbe org> 2009-08-26 17:34:20 UTC ---
Dogtail saves the log files in /tmp/dogtail instead of the current directory.
Not only will this break if multiple users on the same host (e.g. a shared
development server / build host) try to use it, but it also presents an
opportunity for a symlink attack.
This has been reported to Debian by someone else in 2008 (see
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=485752 ), including a patch.

-- 
Configure bugmail: http://bugzilla.gnome.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the QA contact of the bug.
You are watching the assignee of the bug.

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]