Package: comix
Version: 3.6.4-1
Severity: grave
Justification: user security hole
Tags: security

/usr/bin/comix, line 10494:

        # =======================================================
        # Create the temporary directory used in this Comix session.
        # The dir is /tmp/comix/<num> where <num> is 1 or higher
        # depending on the number of Comix sessions opened.
        # =======================================================
        if not os.path.exists('/tmp/comix/'):
            os.makedirs('/tmp/comix/')
            os.chmod('/tmp/comix/', 0700)
        dir_number = 1
        while 1:
            if not os.path.exists('/tmp/comix/' + str(dir_number)):
                os.mkdir('/tmp/comix/' + str(dir_number))
                os.chmod('/tmp/comix/' + str(dir_number), 0700)
                self.base_dir = '/tmp/comix/' + str(dir_number) + '/'
                break
            dir_number += 1

Completely predictable filenames and chmodding after creation open this up for symlink attack.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (700, 'testing'), (500, 'stable'), (400, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.22-3-686 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages comix depends on:
ii  gconf2                        2.20.1-2   GNOME configuration database syste
ii  python                        2.4.4-6    An interactive high-level object-o
ii  python-gtk2                   2.12.1-1   Python bindings for the GTK+ widge
ii  python-imaging                1.1.6-1    Python Imaging Library

comix recommends no packages.

-- no debconf information
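An added example, not part of the original report or of Comix's code: one way to avoid the two problems the report names (predictable names, chmod after creation) is to let `tempfile.mkdtemp()` create the session directory, and to verify any directory with `lstat` before trusting it. It is written for Python 3; the function names and the sandbox layout are assumptions made for the illustration.

```python
import os
import stat
import tempfile

def create_session_dir(parent=None):
    """Create a private per-session directory with an unpredictable name.

    mkdtemp() picks a random name and calls mkdir() with mode 0o700 in one
    step, so there is no window between creation and a later chmod().
    """
    return tempfile.mkdtemp(prefix="comix-", dir=parent)

def is_private_dir(path):
    """True only if path is a real directory (not a symlink), owned by the
    current user, with no group/other permission bits set."""
    try:
        st = os.lstat(path)  # lstat: inspect the link itself, do not follow it
    except OSError:
        return False
    return (stat.S_ISDIR(st.st_mode)
            and st.st_uid == os.geteuid()
            and (st.st_mode & 0o077) == 0)

def demo():
    """Constructed scenario: a symlink already sits at a predictable name."""
    results = {}
    with tempfile.TemporaryDirectory() as sandbox:  # stands in for /tmp/comix
        target = os.path.join(sandbox, "other-dir")
        os.mkdir(target)
        predictable = os.path.join(sandbox, "1")    # like /tmp/comix/1
        os.symlink(target, predictable)
        # os.path.exists() follows the link; the lstat-based check rejects it.
        results["planted_symlink_ok"] = is_private_dir(predictable)
        # mkdir() on the occupied name fails instead of following the link.
        try:
            os.mkdir(predictable, 0o700)
            results["mkdir_followed_link"] = True
        except FileExistsError:
            results["mkdir_followed_link"] = False
        session = create_session_dir(parent=sandbox)
        results["session_ok"] = is_private_dir(session)
        results["session_mode"] = stat.S_IMODE(os.lstat(session).st_mode)
    return results

if __name__ == "__main__":
    print(demo())
```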