Package: sysdig Version: 0.1.79-1 Severity: normal Hi,
I took a brief look at sysdig today and noticed the following fragment in sysdig.cpp: // // No luck with modprobe either. // Maybe this is a version of sysdig that was compiled from the // sources, so let's make one last attempt with insmod and the // path to the driver directory. // if(!open_success) { system("insmod ../../driver/sysdig-probe.ko > /dev/null 2> /dev/null"); inspector->open(""); } Could this be a security issue if root runs sysdig in /tmp/project1/foo and a local user creates /tmp/driver/sysdig-probe.ko? -Timo -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org