[Gnash-dev] unsafe use of /tmp
From: Patrice Dumas
Subject: [Gnash-dev] unsafe use of /tmp
Date: Fri, 7 Apr 2006 14:01:32 +0200
User-agent: Mutt/1.4.2.1i

Hello,
It seems that gnash downloads the .swf files in /tmp. This is unsafe and
opens the door for a symlink in /tmp attack. Moreover it allows other users
to monitor a user's activity. I believe the .swf should be downloaded in
~/.gnash or similar. Or if downloaded to /tmp it should be done safely
using mkstemp or similar things.
Not a big deal for the cvs version, but if it is distributed widely as it
seems that it is beginning to happen now, I think it should be corrected.
--
Pat
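
The mkstemp approach suggested in the message above, as an added example that is not part of the original post and is not Gnash code. The function names, the "gnash-" file prefix, the movie.swf name and the scratch directory are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Fixed name, hardened: O_CREAT|O_EXCL fails with EEXIST if anything, even a
 * dangling symlink, already sits at the path, so a planted link is not followed. */
int open_fixed_excl(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Preferred: mkstemp() picks an unpredictable name and creates it atomically,
 * mode 0600. `dir` and the "gnash-" prefix are assumptions of this example. */
int open_download_tmp(const char *dir, char *path, size_t len) {
    if (snprintf(path, len, "%s/gnash-XXXXXX", dir) >= (int)len) return -1;
    return mkstemp(path);
}

/* Check 1: a link planted at the fixed name (constructed scratch dir) is refused. */
int demo_symlink_refused(void) {
    char dir[] = "/tmp/demo-XXXXXX", link[64], target[64];
    if (!mkdtemp(dir)) return 0;
    snprintf(link, sizeof link, "%s/movie.swf", dir);
    snprintf(target, sizeof target, "%s/victim", dir);
    if (symlink(target, link) != 0) return 0;
    int fd = open_fixed_excl(link);
    int refused = (fd == -1 && errno == EEXIST);
    if (fd >= 0) close(fd);
    unlink(link); unlink(target); rmdir(dir);
    return refused;
}

/* Check 2: the mkstemp file is accessible only to its owner (mode 0600). */
int demo_mkstemp_private(void) {
    char dir[] = "/tmp/demo-XXXXXX", path[64];
    struct stat st;
    if (!mkdtemp(dir)) return 0;
    int fd = open_download_tmp(dir, path, sizeof path);
    int ok = fd >= 0 && fstat(fd, &st) == 0 && (st.st_mode & 0777) == 0600;
    if (fd >= 0) { close(fd); unlink(path); }
    rmdir(dir);
    return ok;
}

int main(void) {
    return !(demo_symlink_refused() && demo_mkstemp_private());
}
```

Passing a directory under the user's home as `dir` also addresses the monitoring concern, since file names created in a shared /tmp remain visible to other users even when the contents are not.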