Re: severity for bugs in ignoring TMP/TMPDIR?
On Fri, Feb 10, 2012 at 4:35 PM, Javier Fernandez-Sanguino wrote:
> If you (or the maintainer) review the code or analyse the program's
> behaviour and it is using *fixed* (i.e. not random) filenames for the
> temporary files or for the directories they are created in (/tmp or
> /var/tmp), you might want to suggest the maintainer to review if the
> code in charge of creating temporary files is doing this properly.
Should I find hard-coded uses of /tmp/, do you have any suggestions or
tips about how to assess the security impact of these issues. Up to
now I simply created symlinks as the nobody user from /tmp/foo to
~pabs/foo and checked if ~pabs/foo was overwritten. I wonder if there
are any tools to automatically assess the impact of these issues by
using LD_PRELOAD and or fs/user namespaces, are you aware of any of
> I'm sure the situation has *not* improved since then.
Based on a quick grep of /usr/bin/* I expect you are correct.
I wonder if a pedantic/experimental lintian warning about hardcoding
use of /tmp/ would be doable or helpful, any thoughts?