Comment 1 for bug 116803

Kees Cook (kees) wrote :

Thanks for taking the time to report this bug and helping to make Ubuntu better. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy.

While this is an ugly bug, it can't be used to make world-writable directories less secure. Resource DoS's in temporary file areas are already possible if an attacker knows the filename being opened (which is why using mkstemp() is so important). For a hash collision, this requirement is still true. Hitting this bug is like having another user fill up the entire /tmp partition: a user is suddenly unable to make temp files.

Please feel free to report any other bugs you may find.