Garo, as SF seems unresponsible for me I'll comment here. The patch is not full, it is still racy. There is still a period between file_exists() and fopen(). If conky is Linux only (I don't know) then the fix is a call to fopen() with "x" flag (glibc extension, not portable). Otherwise use open(2) with O_EXCL flag and either fdopen(3) + fwrite(3) + fclose(3) or write(2)+close(2).
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/607309 Title: vulnerability: rewrite arbitrary user file -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
