Information needed for rfus
Ubuntu Software Center
noreply at canonical.com
Wed Jul 11 03:47:21 UTC 2012
Thank you for your patience during the moderation process.
Current status: Your application rfus Needs Information.
We need some more information
Please respond to this request from our approval team, and then resubmit your application:
Thanks a lot for your submission. This is a review for inclusion into the Ubuntu Software Center. I pushed a couple of minor packaging changes to lp:~~andrewsomething/ubuntu-app-reviews/rfus which you might want to merge.
Unfortunately though, I also came across a more important issue. In my code review, I noticed that you write to '/tmp/rfus.conf'. As you ask for root privileges when writing that file, this leads to a security issue. For instance, see: http://lwn.net/Articles/250468/. The simplest form of attack that this exposes is that, say, '/etc/passwd' or some other important file is symlinked to '/tmp/rfus.conf'. It would then be overwritten, making the system unusable.
I'd suggest doing something like:
>>> import tempfile
>>> t = tempfile.NamedTemporaryFile(dir="/tmp")
>>> f = t.name + '-rfus.conf'
>>> print(f)
/tmp/tmpLcAYAy-rfus.conf
Visit the developer portal at https://myapps.developer.ubuntu.com/dev/ to find out more.
To view your application, go to https://myapps.developer.ubuntu.com/dev/apps/1190/
Best,
The Ubuntu Software Center team
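The symlink problem raised in the review, replayed next to two ways of creating the file that do not follow a planted link. This is an added example, not part of the original message or of the rfus code. It runs in a scratch directory standing in for /tmp, and the function names and file contents are assumptions.

```python
import os
import shutil
import tempfile

def write_naive(path, data):
    # Pattern flagged in the review: open() follows a symlink planted at path.
    with open(path, "w") as fh:
        fh.write(data)

def write_exclusive(path, data):
    # O_CREAT|O_EXCL fails with EEXIST if anything, symlink included, is at path.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)

def write_unique(directory, data):
    # mkstemp picks an unpredictable name and creates it atomically, mode 0600.
    fd, path = tempfile.mkstemp(suffix="-rfus.conf", dir=directory)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path

def read_text(path):
    with open(path) as fh:
        return fh.read()

def demo():
    scratch = tempfile.mkdtemp()                      # constructed stand-in for /tmp
    try:
        victim = os.path.join(scratch, "important")   # stand-in for a system file
        fixed = os.path.join(scratch, "rfus.conf")    # the predictable name
        write_naive(victim, "original\n")
        os.symlink(victim, fixed)                     # link planted ahead of time
        write_naive(fixed, "setting=1\n")             # goes through the link
        clobbered = read_text(victim) == "setting=1\n"
        write_naive(victim, "original\n")             # restore, then retry safely
        try:
            write_exclusive(fixed, "setting=1\n")
            refused = False
        except FileExistsError:
            refused = True
        unique = write_unique(scratch, "setting=1\n")
        return {"naive_clobbered": clobbered, "exclusive_refused": refused,
                "victim_intact": read_text(victim) == "original\n",
                "unique_name": os.path.basename(unique),
                "unique_mode": os.stat(unique).st_mode & 0o777}
    finally:
        shutil.rmtree(scratch)

if __name__ == "__main__":
    print(demo())
```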