On 2019-06-24 10:13:43 +1000, Cameron Simpson wrote:
> On 23Jun2019 12:36, vincent lefevre <[email protected]> wrote:
> > I'm not sure whether this is a good idea. The temporary directory
> > may be (and often is) world-writable, and on multi-user machines,
> > this increases the risk of vulnerability. For instance, some
> > programs may consider configuration files in the current working
> > directory, and/or may write/re-read files there.
>
> Ugh. Yes. Have we got some real world examples in mind?
I had discovered two such bugs (or similar):
* A bug in xpdf (typically the kind of program that can be run from
mailcap), with possible code execution when opening a URL from the
PDF file:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641941
* With inkscape + .eps argument, inkscape was changing the current
working directory to /tmp before handling the argument:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654341
(CVE-2012-6076)
--
Vincent Lefèvre <[email protected]> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
