Predictable /tmp/zim-USER directory allows for denial of service

[mssalvatore]

Description
Zim creates temporary directories with predictable names. A malicious user could predict and create Zim's temporary directories and prevent other users from being able to start Zim, resulting in a denial of service.

Steps to Reproduce

1. Create two users: user1 and user2.
2. As user1:
   mkdir /tmp/zim-user2
3. As user2:
   Start Zim

Zim will attempt to change the permissions of /tmp/user2 to 0700. Because /tmp/user2 is actually owned by user1, the call to os.chmod() will fail and Zim will crash.

Workaround
An affected user can set the $TMP or $TMPDIR environment variables to point to somewhere that is not world-writable (e.g. /home/USER/tmp).

Version Affected
0.42-beta1 and later

Operating System
Linux

Severity
Low

[carnil]

CVE-2020-10870 appears to have been assigned for this issue.