Blender writes to files in /tmp/ in an insecure fashion. For example, launching blender and then pressing 'a' (for animation?) writes to the file /tmp/0000.jpg.
This can be exploited by a malicious user to overwrite arbitrary files of another user using blender:
Version: 2.37a-1ubuntu1.1
Blender writes to files in /tmp/ in an insecure fashion. For example, launching blender and then pressing 'a' (for animation?) writes to the file /tmp/0000.jpg.
This can be exploited by a malicious user to overwrite arbitrary files of another user using blender:
mallory@myhost$ ln -s /home/bob/ thesis. tex /tmp/0000.jpg