Re: Temporary files written to predetermined location during build

Anthony Youngman <antlists -AT- youngman.org.uk>
Wed, 13 Sep 2017 18:39:45 +0100

On 11/09/17 10:07, Rene Engelhard wrote:

that definitely looks like a bug, it should create that inside some
random subdirectory..

Yes, especially as/tmp/<something predictable> is (also) a security-related bug
(possible symlink attack)..

See alsohttp://bugs.debian.org/875415  which I just received...

My experience of /tmp is that most things seem to create and write to/tmp/username or similar - it's odd to write straight into /tmp.

And that I guess is what's behind the original bug reported - the firstuser obviously created a directory with permissions set for him, thenthe second user came along, tried to use the same directory, and withoutwrite permission the second build fell over. (Obviously, whether thathappens depends on how fast the reaper reaps the contents of /tmp.)


Cheers,
Wol

Context

Temporary files written to predetermined location during build · Paul Menzel
- Re: Temporary files written to predetermined location during build · Michael Stahl
  - Re: Temporary files written to predetermined location during build · Jean-Baptiste Faure
    - Re: Temporary files written to predetermined location during build · Rene Engelhard
      - Re: Temporary files written to predetermined location during build · Paul Menzel
        
        Re: Temporary files written to predetermined location during build · Jean-Baptiste Faure
      - Re: Temporary files written to predetermined location during build · Jean-Baptiste Faure
        
        Re: Temporary files written to predetermined location during build · Paul Menzel
  - Re: Temporary files written to predetermined location during build · Rene Engelhard
    - Re: Temporary files written to predetermined location during build · Anthony Youngman
      - Re: Temporary files written to predetermined location during build · Rene Engelhard

Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.