[ubuntu-mono] [Bug 782862] [NEW] Insecure temporary file creation in strace option
Emanuel Bronshtein
782862 at bugs.launchpad.net
Sun May 15 02:07:34 UTC 2011
Public bug reported:
Binary package hint: f-spot
strace option inside /usr/bin/f-spot create temporary file with fixed
name "f-spot.strace" under /tmp .
test case :
emanuel at emanuel-desktop:/tmp$ f-spot --strace
emanuel at emanuel-desktop:/tmp$ ls f-spot*
f-spot.strace
the bug can be found at :
elif $run_strace; then
strace -ttt -f -o /tmp/f-spot.strace mono $MONO_OPTIONS $EXE_TO_RUN "$@"
fix :
use mktemp instead : `mktemp "/tmp/f-spot.strace.XXXXXX"`
** Affects: f-spot (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
CLI/Mono Uploaders, which is subscribed to f-spot in Ubuntu.
https://bugs.launchpad.net/bugs/782862
Title:
Insecure temporary file creation in strace option
Status in “f-spot” package in Ubuntu:
New
Bug description:
Binary package hint: f-spot
strace option inside /usr/bin/f-spot create temporary file with fixed
name "f-spot.strace" under /tmp .
test case :
emanuel at emanuel-desktop:/tmp$ f-spot --strace
emanuel at emanuel-desktop:/tmp$ ls f-spot*
f-spot.strace
the bug can be found at :
elif $run_strace; then
strace -ttt -f -o /tmp/f-spot.strace mono $MONO_OPTIONS $EXE_TO_RUN "$@"
fix :
use mktemp instead : `mktemp "/tmp/f-spot.strace.XXXXXX"`
More information about the Ubuntu-mono
mailing list