Description
Zim creates temporary directories with predictable names. A malicious user could predict and create Zim's temporary directories and prevent other users from being able to start Zim, resulting in a denial of service.
Steps to Reproduce
Create two users: user1 and user2.
As user1: mkdir /tmp/zim-user2
As user2:
Start Zim
Zim will attempt to change the permissions of /tmp/zim-user2 to 0700. Because /tmp/zim-user2 is actually owned by user1, the call to os.chmod() will fail and Zim will crash.
Workaround
An affected user can set the $TMP or $TMPDIR environment variables to point to somewhere that is not world-writable (e.g. /home/USER/tmp).
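As an added illustration (not Zim's own code; the function names are mine and it assumes a POSIX system), here is the predictable-name pattern the report describes next to a hardened version that lets tempfile.mkdtemp() choose an unpredictable name and verifies ownership and mode before trusting the directory:

```python
import os
import stat
import tempfile


def predictable_tmpdir(base, username):
    """The pattern the report describes: a fixed, guessable name under a
    world-writable base directory. Any local user can pre-create it, and the
    chmod() then fails with PermissionError (a crash, i.e. denial of service)."""
    path = os.path.join(base, "zim-" + username)
    os.makedirs(path, exist_ok=True)   # silently "succeeds" on someone else's dir
    os.chmod(path, 0o700)              # raises if another user owns the directory
    return path


def is_private_dir(path):
    """True only if path is a real directory (not a symlink) owned by the
    current user with no group/other permission bits set."""
    try:
        st = os.lstat(path)            # lstat: do not follow a planted symlink
    except FileNotFoundError:
        return False
    if not stat.S_ISDIR(st.st_mode):
        return False
    if st.st_uid != os.getuid():       # pre-created by another user
        return False
    return stat.S_IMODE(st.st_mode) & 0o077 == 0


def private_tmpdir(base=None):
    """Hardened form: mkdtemp() creates a uniquely named directory with mode
    0700 atomically; the check afterwards turns any surprise into a clear
    error instead of an unhandled exception. base=None means $TMPDIR/$TMP."""
    path = tempfile.mkdtemp(prefix="zim-", dir=base)
    if not is_private_dir(path):
        raise RuntimeError("temporary directory %s is not private" % path)
    return path
```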
Version Affected
0.42-beta1 and later
Operating System
Linux
Severity
Low