*** This bug is a security vulnerability ***
You have been subscribed to a public security bug by Marc Deslauriers
(mdeslaur):
$ dpkg -l libimobiledevic* | grep ^ii
ii libimobiledevice3 1.1.4-1ubuntu6 amd64
Library for communicating with the iPhone and iPod Touch
$ lsb_release -d
Description: Ubuntu Raring Ringtail (development branch)
I just noticed the oddly-named "/tmp/root" on my machine.
$ tree -a /tmp/root
/tmp/root
└── .config
└── libimobiledevice
├── HostCertificate.pem
├── HostPrivateKey.pem
├── libimobiledevicerc
├── RootCertificate.pem
└── RootPrivateKey.pem
Given the names of some of the files and the fact they probably relate to my
phone, I suspect they should not live here, and certainly not be
world-readable, as they currently are:
$ sudo -u nobody sha256sum /tmp/root/.config/libimobiledevice/*
35df7500851f8b77e97da0d19b656233fa70e23933426bcce9c1860ad30d854c
/tmp/root/.config/libimobiledevice/HostCertificate.pem
4a50a2982d2479d7f4cee23c41c93ba0d31bc97732d4d0accaa7e24d643003f1
/tmp/root/.config/libimobiledevice/HostPrivateKey.pem
49bb734ce3a6ac0bf517738e8c13dfdd6281f66bd63e82355a1aa319fd94aa2c
/tmp/root/.config/libimobiledevice/libimobiledevicerc
0753ad5f801544c927af58fa3521784246fe510ee3d7870863db736481e5b278
/tmp/root/.config/libimobiledevice/RootCertificate.pem
aa1d53e80d7033e8ca27ea37b140a8bdb1ae6185371975360751377013131e03
/tmp/root/.config/libimobiledevice/RootPrivateKey.pem
There are some files in $HOME/.config/libimobiledevice with similar
names that date from October 10th 2012.
** Affects: libimobiledevice (Ubuntu)
Importance: Undecided
Status: New
--
user-specific and possible private files are written to a global location
https://bugs.launchpad.net/bugs/1164263
You received this bug notification because you are a member of Ubuntu Bugs,
which is subscribed to the bug report.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
