The temporary file like /tmp/CCDB is a security issue #5
Comments
|
Added '20090226T12:40:28' by 'mnowak' It's already deprecated. DB is now in /var/cache/crash-catcher (via zprikryl). crash-catcher-0.0.1-5.fc11.x86_64 at least. |
This was referenced Feb 4, 2013
jfilak
pushed a commit
to jfilak/abrt
that referenced
this issue
Jul 20, 2016
…_package_sort, btp_rpm_package_uniq. abrt#5
jfilak
pushed a commit
to jfilak/abrt
that referenced
this issue
Jul 20, 2016
- btp_rpm_package_sort used qsort the wrong way - btp_rpm_package_uniq assumed architecture is always present, which is not the case with ABRT reports - sort and uniq the package list extracted from ABRT problem dir, closes abrt#5
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Opened '20090226T12:16:47' by koca as https://fedorahosted.org/abrt/ticket/5
Hi, [[BR]]
The temporary file /tmp/CCDB is a potentially security hole. Malicious users could create e.g symlink and destroy a system file, because daemon is running as a root. [[BR]]
The file /tmp/CCDB would have a random name or saved somewhere where can't write anybody (/var/lock).
The text was updated successfully, but these errors were encountered: