On 2014-09-05 19:03, Evgeny Kapun wrote:
> Package: tribler
> Version: 6.2.0+git20130731.149555fa-2
> Tags: security
>
> The script /usr/bin/tribler redirects its output to /tmp/$USER-tribler.log.
> If an attacker creates a symlink with this name pointing to one of the user's
> files, this file would be overwritten.
>
> The safe way to create a file in a world-writable directory like /tmp is
> mktemp(1).
>
Hi Evgeny,

Thanks a lot. I've created a patch
https://github.com/Tribler/tribler/pull/831

And I'll prepare a new package upload later.

Yours,
Paul

--
PaulLiu (劉穎駿)
E-mail: Ying-Chun Liu (PaulLiu) <[email protected]>
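The redirect pattern from the report beside the mktemp(1) form, as an added example that is not part of the original messages or of Tribler's launcher script. The redirect line is reconstructed from the report's description; the sandbox directory standing in for /tmp, the file names and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: runs entirely inside a throwaway sandbox directory.

# Pattern described in the report: a fixed, guessable log name in a shared
# directory. "$1" stands in for /tmp. A plain ">" redirect follows a symlink
# that already exists at that name and truncates whatever it points to.
log_predictable() {
    dir=$1
    log="$dir/${USER:-user}-tribler.log"
    echo "tribler output" > "$log"
    printf '%s\n' "$log"
}

# Hardened form: mktemp(1) picks an unpredictable name and creates the file
# exclusively (O_EXCL) with mode 0600, so a pre-planted name is never reused.
log_mktemp() {
    dir=$1
    log=$(mktemp "$dir/${USER:-user}-tribler.XXXXXXXXXX") || return 1
    echo "tribler output" > "$log"
    printf '%s\n' "$log"
}

# Constructed scenario: a user file, plus a symlink to it that already sits
# at the predictable log name. Prints the user file's content after the
# chosen variant has written its log.
demo() {
    variant=$1
    sandbox=$(mktemp -d) || return 1
    mkdir "$sandbox/tmp" "$sandbox/home"
    echo "important data" > "$sandbox/home/notes.txt"
    ln -s "$sandbox/home/notes.txt" "$sandbox/tmp/${USER:-user}-tribler.log"
    "$variant" "$sandbox/tmp" >/dev/null
    cat "$sandbox/home/notes.txt"
    rm -rf "$sandbox"
}

demo log_predictable   # prints "tribler output": the user's file was overwritten
demo log_mktemp        # prints "important data": the user's file is intact
```

The mktemp variant has to report the chosen path to the user (here it prints it), since the log name is no longer guessable.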

