Public bug reported:
Binary package hint: system-config-printer-gnome
system-config-printer/asyncpk1.py create temporary file with fixed name
"foo" under /tmp .
testcase :
1) run "python /usr/share/system-config-printer/asyncpk1.py"
2) click on "Go"
3) click on "Get file"
Result : /tmp/foo created .
the bug can be found at :
def get_file_clicked (self, button):
self.my_file = file ("/tmp/foo", "w")
self.conn.getFile ("/admin/conf/cupsd.conf", file=self.my_file,
reply_handler=self.got_file,
error_handler=self.get_file_error)
fix : use mkstemp alike functionality.
** Affects: system-config-printer (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/793533
Title:
Insecure temporary file creation in asyncpk1.py
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
