Move cache to /var/cache (CVE-2013-6494)

This isn't temporary data, so don't create it in /var/tmp. This also avoids a potential security problem with an attacker creating the cachedir before us, and putting Bad Things in it. This fixes #44 on github and rhbz#1066679.
rhinstaller · Oct 13, 2014 · 42af0d4 · 42af0d4
1 parent 6341783
commit 42af0d4
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/fedup/__init__.py b/fedup/__init__.py
@@ -46,7 +46,7 @@
 kernelpath = '/boot/vmlinuz-%s' % kernel_id
 initrdpath = '/boot/initramfs-%s.img' % kernel_id
 
-cachedir = '/var/tmp/system-upgrade'
+cachedir = '/var/cache/system-upgrade'
 packagedir = '/var/lib/system-upgrade'
 packagelist = packagedir + '/package.list'
 upgradeconf = packagedir + '/upgrade.conf'