Replacing the destination file with a symlink would be blocked by the
kernel, but creating an empty file would probably result in the kernel
being trojanable.
This needs to be fixed. Best way would be to create a temp directory and
work inside of it.
** Changed in: flash-kernel (Ubuntu)
Importance: Low => Medium
** Also affects: flash-kernel (Ubuntu Lucid)
Importance: Undecided
Status: New
** Also affects: flash-kernel (Ubuntu Natty)
Importance: Undecided
Status: New
** Also affects: flash-kernel (Ubuntu Precise)
Importance: Undecided
Status: New
** Also affects: flash-kernel (Ubuntu Oneiric)
Importance: Undecided
Status: New
** Also affects: flash-kernel (Ubuntu Quantal)
Importance: Medium
Status: Triaged
** Changed in: flash-kernel (Ubuntu Lucid)
Status: New => Confirmed
** Changed in: flash-kernel (Ubuntu Natty)
Status: New => Confirmed
** Changed in: flash-kernel (Ubuntu Oneiric)
Status: New => Confirmed
** Changed in: flash-kernel (Ubuntu Precise)
Status: New => Confirmed
** Changed in: flash-kernel (Ubuntu Lucid)
Importance: Undecided => Medium
** Changed in: flash-kernel (Ubuntu Natty)
Importance: Undecided => Medium
** Changed in: flash-kernel (Ubuntu Oneiric)
Importance: Undecided => Medium
** Changed in: flash-kernel (Ubuntu Precise)
Importance: Undecided => Medium
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/642855
Title:
Insecure use of temp files
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/flash-kernel/+bug/642855/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
