Public bug reported:

Binary package hint: python-ubuntuone-client

ubuntuone-client/ubuntuone/syncdaemon/fsm/fsm_draw.py creates a temporary file with the fixed name "graph.debug" under /tmp.

Test case:

    emanuel@emanuel-desktop:~$ export PYTHONPATH=/usr/share/xdot/
    emanuel@emanuel-desktop:~$ python /usr/share/pyshared/ubuntuone-client/ubuntuone/syncdaemon/fsm/fsm_draw.py /usr/share/pyshared/ubuntuone-client/ubuntuone/syncdaemon/u1fsfsm.py
    Parsing file... (Mon Jun 6 15:32:14 2011)
    Building graph... (Mon Jun 6 15:32:16 2011)
    Drawing... (Mon Jun 6 15:32:16 2011)
    emanuel@emanuel-desktop:~$ ls -laF /tmp/graph.debug
    -rw-r--r-- 1 emanuel emanuel 13587 2011-06-06 15:32 /tmp/graph.debug

The bug can be found at:

    dotcode = graph_base % "\n".join(graph_lines)
    if debug:
        a = open("/tmp/graph.debug", "w")
        a.write(dotcode)
        a.close()

Fix: use mkstemp-like functionality.

** Affects: ubuntuone-client (Ubuntu)
     Importance: Undecided
         Status: New

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/793502

Title:
  Insecure temporary file creation in fsm_draw.py

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
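
The suggested fix, sketched as an added example (not part of the original report and not the ubuntuone-client code): the reported fixed-name write next to a tempfile.mkstemp version, both run in a private scratch directory against constructed data. The function names, the "graph." prefix, the directory parameter and the sample DOT string are assumptions made for the illustration.

```python
import os
import stat
import tempfile


def write_debug_fixed(dotcode, directory):
    """The reported pattern, with the directory made a parameter."""
    path = os.path.join(directory, "graph.debug")
    with open(path, "w") as a:  # reuses and truncates whatever is at path
        a.write(dotcode)
    return path


def write_debug_mkstemp(dotcode, directory=None):
    """mkstemp picks an unpredictable name and creates the file with
    O_CREAT|O_EXCL and mode 0600, so an existing entry is never reused.
    directory=None means the system default temp directory."""
    fd, path = tempfile.mkstemp(prefix="graph.", suffix=".debug",
                                dir=directory, text=True)
    with os.fdopen(fd, "w") as a:  # write through the fd mkstemp opened
        a.write(dotcode)
    return path


def demo():
    """Run both variants in a scratch directory (all data constructed)."""
    dotcode = "digraph G { a -> b; }\n"
    with tempfile.TemporaryDirectory() as scratch:
        # Stand-in for an entry that already exists under the fixed name.
        existing = os.path.join(scratch, "graph.debug")
        with open(existing, "w") as f:
            f.write("pre-existing content\n")
        inode_before = os.stat(existing).st_ino

        fixed = write_debug_fixed(dotcode, scratch)
        reused = os.stat(fixed).st_ino == inode_before  # same file, clobbered

        safe = write_debug_mkstemp(dotcode, scratch)
        st = os.stat(safe)
        with open(safe) as f:
            content_ok = f.read() == dotcode
        return {
            "fixed_reused_existing": reused,
            "mkstemp_is_new_file": safe != existing and st.st_ino != inode_before,
            "mkstemp_mode": stat.S_IMODE(st.st_mode),
            "mkstemp_content_ok": content_ok,
        }


if __name__ == "__main__":
    print(demo())
```

Because mkstemp returns a different path on every call, the debug run should print or log that path so the graph dump can still be found.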