[Gnash-dev] unsafe use of /tmp

gnash-dev

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Gnash-dev] unsafe use of /tmp

From:	Patrice Dumas
Subject:	[Gnash-dev] unsafe use of /tmp
Date:	Fri, 7 Apr 2006 14:01:32 +0200
User-agent:	Mutt/1.4.2.1i

Hello,

It seems that gnash downloads the .swf files in /tmp. This is unsafe and 
opens the door for a symlink in /tmp attack. Moreover it allows other user
to monitor a user activity. I believe the .swf should be downloaded in 
~/.gnash or similar. Or if downloaded to /tmp it should be done safely
using mkstemp or similar things.

Not a big deal for the cvs version, but if it is distributed widely as it
seems that it is beginning to happen now, I think it should be corrected.

--
Pat

[Prev in Thread]

Current Thread

[Next in Thread]

[Gnash-dev] unsafe use of /tmp, Patrice Dumas <=
- Re: [Gnash-dev] unsafe use of /tmp, Rob Savoye, 2006/04/07

Prev by Date: [Gnash-dev] MovieClip class partially implemented
Next by Date: Re: [Gnash-dev] unsafe use of /tmp
Previous by thread: [Gnash-dev] MovieClip class partially implemented
Next by thread: Re: [Gnash-dev] unsafe use of /tmp
Index(es):
- Date
- Thread