Temporary files written to predetermined location during build
Anthony Youngman
antlists at youngman.org.uk
Wed Sep 13 17:39:45 UTC 2017
On 11/09/17 10:07, Rene Engelhard wrote:
>> that definitely looks like a bug, it should create that inside some
>> random subdirectory..
> Yes, especially as/tmp/<something predictable> is (also) a security-related bug
> (possible symlink attack)..
>
> See alsohttp://bugs.debian.org/875415 which I just received...
My experience of /tmp is that most things seem to create and write to
/tmp/username or similar - it's odd to write straight into /tmp.
And that I guess is what's behind the original bug reported - the first
user obviously created a directory with permissions set for him, then
the second user came along, tried to use the same directory, and without
write permission the second build fell over. (Obviously, whether that
happens depends on how fast the reaper reaps the contents of /tmp.)
Cheers,
Wol
More information about the LibreOffice
mailing list