[PATCH] Unsafe usage of /tmp in artscontrol
Waldo Bastian
bastian at kde.org
Sun Nov 17 12:14:56 GMT 2002
artscontrol can, on request of the user, save to /tmp/default.arts-env. This
is unsafe, because a symlink attack could trick the user into overwriting one
of his own files.
The following patch replaces /tmp/default.arts-env with ~/default.arts-env
Thanks to Per Winkvist for pointing out the problem.
Cheers,
Waldo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: artscontrol.diff
Type: text/x-diff
Size: 2158 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20021117/e00dd3e6/attachment.diff>
More information about the kde-core-devel
mailing list