Package: vagrant
Version: 1.7.4+dfsg-1

vagrant uses hardcoded paths containing /tmp in a lot of scripts. This means files in a world-writable directory are created or removed.

IMO, this is forbidden by the Debian policy, chapter 10.4. This is mostly done in the provisioners and guest plugins, when doing comm.sudo or machine.communicate.sudo. Even if those commands are executed on the guest machine, vagrant can be called multiple times for a client, thus a malicious program on the guest could create a symlink in /tmp and then the vagrant call would overwrite a file where this symlink is pointing to.

--
regards
Thomas
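The symlink scenario from the report, as an added shell example that is not part of the bug report or of Vagrant's own code: a hardcoded name in a shared temp directory beside a pre-write check and an mktemp-based replacement. File names and the scratch directory are constructed for the demo; nothing touches the real /tmp.

```shell
#!/bin/sh
# Added example, not code from the bug report or from Vagrant itself. It
# contrasts a hardcoded name in a shared temp directory with mktemp, and
# adds a pre-write check. Everything runs inside a private scratch directory.

# Unsafe pattern: fixed, predictable name. The shell redirection follows a
# pre-existing symlink at that name, so the write lands wherever it points.
unsafe_write() {
    printf 'provisioner data\n' > "$1"
}

# Check to run before touching a fixed path: reject symlinks and files the
# current user does not own. Returns 0 only when the path is safe to use.
check_tmp_path() {
    [ -L "$1" ] && return 1
    if [ -e "$1" ] && [ ! -O "$1" ]; then return 1; fi
    return 0
}

# Hardened pattern: mktemp creates a fresh file (O_CREAT|O_EXCL, mode 0600)
# with an unpredictable name, so a pre-planted entry cannot be reused.
# Prints the path of the file it created.
safe_write() {
    f=$(mktemp "$1/vagrant-XXXXXX") || return 1
    printf 'provisioner data\n' > "$f"
    printf '%s\n' "$f"
}

# Runs the scenario in a scratch dir and prints three words: whether the
# stand-in target was overwritten by unsafe_write, whether check_tmp_path
# rejected the planted symlink, and whether safe_write left the target intact.
demo() {
    scratch=$(mktemp -d) || return 1
    victim="$scratch/victim"                    # constructed stand-in target
    printf 'original\n' > "$victim"
    ln -s "$victim" "$scratch/vagrant-fixed"    # constructed pre-planted symlink

    unsafe_write "$scratch/vagrant-fixed"
    [ "$(cat "$victim")" = 'provisioner data' ] && r1=overwritten || r1=intact

    check_tmp_path "$scratch/vagrant-fixed" && r2=accepted || r2=rejected

    printf 'original\n' > "$victim"
    f=$(safe_write "$scratch") || return 1
    [ "$(cat "$victim")" = 'original' ] && [ "$f" != "$scratch/vagrant-fixed" ] && r3=intact || r3=overwritten

    rm -rf "$scratch"
    printf '%s %s %s\n' "$r1" "$r2" "$r3"
}
```

Running `demo` prints `overwritten rejected intact`: the fixed name follows the planted link, the check refuses it, and the mktemp file is created alongside without touching the target.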

