Package: onionshare Version: 1.3-1 Severity: grave Tags: security onionshare uses /tmp/onionshare_server.log as a logfile with --debug.
in onionshare/web.py: | def debug_mode(): | temp_dir = tempfile.gettempdir() | log_handler = logging.FileHandler( | os.path.join(temp_dir, 'onionshare_server.log')) tempfile.gettempdir() returns /tmp. It does not give you a dedicated temp-directory. It is not mkdtemp. -- | .''`. ** Debian ** Peter Palfrader | : :' : The universal https://www.palfrader.org/ | `. `' Operating System | `- https://www.debian.org/