Improve management of temp files
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
LaTeXDraw |
Fix Released
|
Medium
|
arno_b |
Bug Description
An attacker can stop latexdraw (e.g. send it SIGSTOP), see
what temp file it is using, symlink /tmp/latexdrawT
random file that the user has permission to write to and then latex will fill
that file with rubbish.
The standard approach for this is to use a separate directory within /tmp for
the set of temp files. The normal way of doing this in a shell script is with
the "mktemp -d" command. The start of some
code to do this properly can be found at:
http://
as you can see from the comments on the page, it's a non-trivial thing to get
right... marking the directory as .deleteOnExit() also seems sensible to make
sure it's cleaned up should latexdraw crash prior to cleanup.
Changed in latexdraw: | |
assignee: | nobody → arno_b (arno.b) |
status: | New → Fix Committed |
Changed in latexdraw: | |
status: | Fix Committed → Fix Released |