[ubuntu-mono] [Bug 782862] Re: Insecure temporary file creation in strace option
Marc Deslauriers
marc.deslauriers at canonical.com
Fri Jul 8 15:07:50 UTC 2011
** This bug has been flagged as a security vulnerability
--
You received this bug notification because you are a member of Ubuntu
CLI/Mono Uploaders, which is subscribed to f-spot in Ubuntu.
https://bugs.launchpad.net/bugs/782862
Title:
Insecure temporary file creation in strace option
Status in “f-spot” package in Ubuntu:
Confirmed
Bug description:
Binary package hint: f-spot
The strace option inside /usr/bin/f-spot creates a temporary file with the fixed
name "f-spot.strace" under /tmp.
test case :
emanuel@emanuel-desktop:/tmp$ f-spot --strace
emanuel@emanuel-desktop:/tmp$ ls f-spot*
f-spot.strace
the bug can be found at :
elif $run_strace; then
    strace -ttt -f -o /tmp/f-spot.strace mono $MONO_OPTIONS $EXE_TO_RUN "$@"
fix :
use mktemp instead : `mktemp "/tmp/f-spot.strace.XXXXXX"`
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/f-spot/+bug/782862/+subscriptions
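
Added example (not part of the bug report or of the f-spot launcher): the fixed-name pattern from the report next to the mktemp pattern from the proposed fix, run against a pre-existing symlink. The write_trace stand-in for strace, the sandbox directory, and the file name "precious" are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example; runs entirely inside a private sandbox directory.
# write_trace stands in for `strace -o FILE ...`: both open FILE with
# create+truncate and follow whatever already exists at that path.
write_trace() { printf 'trace output\n' > "$1"; }

# Pattern from the report: predictable name in a shared directory.
# $1 = directory standing in for /tmp
trace_fixed_name() {
    write_trace "$1/f-spot.strace"
}

# Pattern from the proposed fix: mktemp creates a new file (exclusive
# create, mode 0600) under an unpredictable name, or fails.
# Prints the path it created.
trace_mktemp() {
    out=$(mktemp "$1/f-spot.strace.XXXXXX") || return 1
    write_trace "$out"
    printf '%s\n' "$out"
}

# Constructed scenario: the fixed name already exists as a symlink to a
# file the f-spot user can write. Reports what each pattern did to it.
demo() {
    sandbox=$(mktemp -d) || return 1
    printf 'important\n' > "$sandbox/precious"
    ln -s "$sandbox/precious" "$sandbox/f-spot.strace"

    trace_fixed_name "$sandbox"
    if [ "$(cat "$sandbox/precious")" = "important" ]; then
        echo "fixed name: target intact"
    else
        echo "fixed name: target overwritten"
    fi

    printf 'important\n' > "$sandbox/precious"
    created=$(trace_mktemp "$sandbox") || return 1
    if [ "$(cat "$sandbox/precious")" = "important" ] && [ -f "$created" ]; then
        echo "mktemp: target intact"
    else
        echo "mktemp: target overwritten"
    fi
    rm -rf "$sandbox"
}

demo
```

The sandbox is a private directory, so the kernel's fs.protected_symlinks restriction, which applies to sticky world-writable directories such as /tmp, does not mask the behaviour.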