Bug#795600: /usr/lib/apt/solvers/dump: insecure use of /tmp
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: Bug#795600: /usr/lib/apt/solvers/dump: insecure use of /tmp
- From: Jakub Wilk <jwilk@debian.org>
- Date: Sat, 15 Aug 2015 17:34:20 +0200
- Message-id: <20150815153420.GA452@jwilk.net>
- Reply-to: Jakub Wilk <jwilk@debian.org>, 795600@bugs.debian.org
- In-reply-to: <20150814081408.GA13087@crossbow>
- References: <20120524141028.GH15972@pps.jussieu.fr> <CAAZ6_fDTxvENswTrUxnOGqeUbjO0-OTxRSrmPVAG_wbkLTaz5Q@mail.gmail.com> <20120525085218.GH1483@pps.jussieu.fr> <20150814081408.GA13087@crossbow>
Package: apt
Version: 1.0.10.1
Tags: security
* David Kalnischkies <david@kalnischkies.de>, 2015-08-14, 10:14:
> For the record: /usr/lib/apt/solvers/dump is the solver, just pipe in
> whatever you want and it will be written to /tmp/edsp.dump
That doesn't sound very secure.
--
Jakub Wilk
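
An added example, not part of the original message and not apt's code: the fixed-name write into `/tmp` that the report describes, next to two safer ways to open such a dump file, in C++ with POSIX calls. The function names and the scratch directory are assumptions made for the illustration.

```cpp
#include <cerrno>
#include <cstdlib>
#include <fcntl.h>
#include <string>
#include <sys/stat.h>
#include <unistd.h>

// Weak pattern: fixed name in a shared directory. open() follows a symlink
// planted at that name and truncates whatever it points to.
int open_dump_weak(const std::string &path) {
    return open(path.c_str(), O_WRONLY | O_CREAT | O_TRUNC, 0644);
}

// Hardened, same fixed name: succeed only if this call creates the file.
// O_CREAT|O_EXCL fails with EEXIST when the name already exists, including
// when it is a symlink (even a dangling one); O_NOFOLLOW is defence in depth.
int open_dump_exclusive(const std::string &path) {
    return open(path.c_str(),
                O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
}

// Preferred: unpredictable name created with mode 0600; name returned in `path`.
int open_dump_private(const std::string &dir, std::string &path) {
    std::string tmpl = dir + "/edsp.dump.XXXXXX";
    int fd = mkstemp(&tmpl[0]);
    if (fd >= 0) path = tmpl;
    return fd;
}

// Constructed scenario inside a private scratch directory: "edsp.dump" already
// exists as a symlink to another file. Returns true when the exclusive open
// refuses the name and the link target keeps its 4 bytes.
bool symlink_is_refused() {
    char dir[] = "/tmp/dump-demo.XXXXXX";
    if (!mkdtemp(dir)) return false;
    std::string d(dir), target = d + "/target", link = d + "/edsp.dump";
    int t = open(target.c_str(), O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (t < 0 || write(t, "keep", 4) != 4) return false;
    close(t);
    if (symlink(target.c_str(), link.c_str()) != 0) return false;
    errno = 0;
    int fd = open_dump_exclusive(link);
    bool refused = (fd < 0 && errno == EEXIST);
    if (fd >= 0) close(fd);
    struct stat st;
    bool intact = (stat(target.c_str(), &st) == 0 && st.st_size == 4);
    unlink(link.c_str()); unlink(target.c_str()); rmdir(dir);
    return refused && intact;
}

int main() { return symlink_is_refused() ? 0 : 1; }
```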