Thanks for taking the time to report this bug and helping to make Ubuntu better. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy.
While this is an ugly bug, it can't be used to make world-writable directories less secure. Resource DoS's in temporary file areas is already possible if an attacker knows the filename being opened (which is why using mkstemp() is so important). For a hash colllision, this requirement is still true. Hitting this bug is like having another user fill up the entire /tmp partition: a user is suddenly unable to make temp files.
Please feel free to report any other bugs you may find.
Thanks for taking the time to report this bug and helping to make Ubuntu better. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy.
While this is an ugly bug, it can't be used to make world-writable directories less secure. Resource DoS's in temporary file areas is already possible if an attacker knows the filename being opened (which is why using mkstemp() is so important). For a hash colllision, this requirement is still true. Hitting this bug is like having another user fill up the entire /tmp partition: a user is suddenly unable to make temp files.
Please feel free to report any other bugs you may find.