Information needed for rfus

Ubuntu Software Center noreply at
Wed Jul 11 03:47:21 UTC 2012

Thank you for your patience during the moderation process.

Current status:  Your application rfus Needs Information.

We need some more information
Please respond to this request from our approval team, and then resubmit your application:
Thanks a lot for your submission. This is a review for inclusion into the Ubuntu Software Center. I pushed a couple of minor packaging changes to lp:~~andrewsomething/ubuntu-app-reviews/rfus which you might want to merge.

Unfortunately though, I also came across a more important issue. In my code review, I noticed that you write to '/tmp/rfus.conf' As you ask for root privileges when writing that file, this leads to a security issue. For instance see: The simplest form of attack that this exposes is that say '/ect/passwd' or some other important file is symlinked to  '/tmp/rfus.conf' It would then be over written, making the system unusable.

I'd suggest doing something like:

>>> import tempfile
>>> t = tempfile.NamedTemporaryFile(dir="/tmp")
>>> f = + '-rfus.conf'
>>> print f

Visit the developer portal at to find out more.
To view your application, go to


The Ubuntu Software Center team
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the App-review-board mailing list