Permalink
Show file tree
Hide file tree
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
a-a-i-d-to-abrt-cache: make own random temporary directory
The set-user-ID wrapper must use own new temporary directory in order to avoid security issues with unpacking specially crafted debuginfo packages that might be used to create files or symlinks anywhere on the file system as the abrt user. Withot the forking code the temporary directory would remain on the filesystem in the case where all debuginfo data are already available. This is caused by the fact that the underlying libreport functionality accepts path to a desired temporary directory and creates it only if necessary. Otherwise, the directory is not touched at all. This commit addresses CVE-2015-5273 Signed-off-by: Jakub Filak <jfilak@redhat.com>
- Loading branch information
Jakub Filak
committed
Nov 23, 2015
1 parent
bfd3a45
commit 50ee813
Showing
2 changed files
with
38 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters