Package: xrdp
Version: 0.5.0~20100303cvs-6
Tags: security
Severity: important
User: debian-...@lists.debian.org
Usertags: debian-edu

I discovered this on Debian Edu/Squeeze, and it made me wonder if there is some security risk involved here. When starting xrdp, the following files are created in /tmp/:

  srwxr-xr-x 1 xrdp xrdp 0 16 jan. 09:49 /tmp/xrdp_000007ba_listen_pro_done_event
  srwxr-xr-x 1 xrdp xrdp 0 16 jan. 09:49 /tmp/xrdp_000007ba_main_sync
  srwxr-xr-x 1 xrdp xrdp 0 16 jan. 09:49 /tmp/xrdp_000007ba_main_term
  srwxr-xr-x 1 root root 0 16 jan. 09:49 /tmp/xrdp_sesman_000007cc_main_sync
  srwxr-xr-x 1 root root 0 16 jan. 09:49 /tmp/xrdp_sesman_000007cc_main_term

The file names seem to be predictable, and unless much care is taken when the files are created, this could be a security risk.

Is this a security issue, or is it harmless?

In any case, it would be nice if these sockets could be moved elsewhere, either into a subdirectory like /tmp/xrdp/ or into /var/run/. I assume they should not be automatically cleaned out by the jobs that might remove old files from /tmp/ from time to time.

-- 
Happy hacking
Petter Reinholdtsen