[PATCH] Unsafe usage of /tmp in artscontrol

Waldo Bastian bastian at kde.org
Sun Nov 17 12:14:56 GMT 2002


artscontrol can, on request of the user, save to /tmp/default.arts-env. This 
is unsafe, because a symlink attack could trick the user into overwriting one 
of his own files.

The following patch replaces /tmp/default.arts-env with ~/default.arts-env

Thanks to Per Winkvist for pointing out the problem.

Cheers,
Waldo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: artscontrol.diff
Type: text/x-diff
Size: 2158 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20021117/e00dd3e6/attachment.diff>


More information about the kde-core-devel mailing list