oss-sec mailing list archives
Fwd: [Python-modules-team] Bug#736247: python-xdg: get_runtime_dir(strict=False): insecure use of /tmp
From: Daniel Kahn Gillmor <dkg () fifthhorseman net>
Date: Tue, 21 Jan 2014 09:28:39 -0500
As reported by Jakub Wilk in http://bugs.debian.org/736247, there is a TOCTOU failure in Python's xdg module (see attached message). Could a CVE be assigned to this? --dkg
--- Begin Message ---
From: Jakub Wilk <jwilk () debian org>
Date: Tue, 21 Jan 2014 14:45:11 +0100
Package: python-xdg
Version: 0.25-3
Severity: important
Tags: security

xdg.BaseDirectory.get_runtime_dir(strict=False) is prone to symlink attacks. A malicious local user could do the following:

1) Create symlink /tmp/pyxdg-runtime-dir-fallback-victim, pointing to a directory owned by the victim, say /home/victim.
2) Wait until the victim calls get_runtime_dir(strict=False), which succeeds and returns "/tmp/pyxdg-runtime-dir-fallback-victim".
3) Switch the symlink to point to a directory of their choice.

--
Jakub Wilk

_______________________________________________
Python-modules-team mailing list
Python-modules-team () lists alioth debian org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/python-modules-team
--- End Message ---
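The weakness in the report is that a fallback directory under a world-writable /tmp is trusted by name: whoever plants that name first decides where the path really goes, and even a check-then-use sequence can be raced. The following is an added example, not pyxdg's code or anything from the bug report, showing one way a fallback like get_runtime_dir(strict=False) can be hardened: create the directory ourselves with mode 0700, open it with O_NOFOLLOW|O_DIRECTORY so a planted symlink is refused by the kernel rather than followed, and verify owner and mode with fstat on the descriptor we hold (so a later swap of the name cannot redirect us). The directory name `runtime-dir-fallback-<uid>`, the `fallback_path`/`open_runtime_dir` helpers and the constructed scenario under a throwaway "shared tmp" are assumptions of this example.

```python
"""Hardened runtime-directory fallback (added example; not pyxdg's code).

Defends against the symlink attack described in Debian bug 736247:
a local user pre-creates the fallback path as a symlink into the
victim's home, then repoints it after the victim has accepted the path.
"""
import os
import stat
import tempfile


def fallback_path(base, uid=None):
    """Hypothetical fallback name: <base>/runtime-dir-fallback-<uid>."""
    if uid is None:
        uid = os.getuid()
    return os.path.join(base, "runtime-dir-fallback-%d" % uid)


def open_runtime_dir(base=None):
    """Create (if needed) and open a private runtime directory under `base`.

    Returns (path, dir_fd). Callers should use dir_fd for everything they
    do inside the directory (os.open(name, flags, dir_fd=dir_fd)) instead of
    re-resolving the path string, which is what reintroduces the race.
    Raises OSError if the path is a symlink, not a directory, owned by
    someone else, or readable/writable by other users.
    """
    if base is None:
        base = tempfile.gettempdir()
    path = fallback_path(base)

    # Create with a private mode; EEXIST is fine, we validate what is there.
    try:
        os.mkdir(path, 0o700)
    except FileExistsError:
        pass

    # O_NOFOLLOW: a planted symlink fails with ELOOP instead of being followed.
    # O_DIRECTORY: a planted regular file fails with ENOTDIR.
    fd = os.open(path, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        # fstat checks the object we actually opened, not whatever the name
        # resolves to now; nobody can swap the target out from under the fd.
        st = os.fstat(fd)
        if st.st_uid != os.getuid():
            raise OSError("%s owned by uid %d, not by us" % (path, st.st_uid))
        if stat.S_IMODE(st.st_mode) & 0o077:
            raise OSError("%s is accessible to other users (mode %o)"
                          % (path, stat.S_IMODE(st.st_mode)))
    except Exception:
        os.close(fd)
        raise
    return path, fd


def check_creates_private_dir():
    """Constructed happy path: fresh base, no attacker. Returns True on success."""
    base = tempfile.mkdtemp(prefix="shared-tmp-")
    path, fd = open_runtime_dir(base)
    try:
        st = os.fstat(fd)
        return (stat.S_ISDIR(st.st_mode)
                and stat.S_IMODE(st.st_mode) & 0o077 == 0
                and path == fallback_path(base))
    finally:
        os.close(fd)


def check_rejects_planted_symlink():
    """Constructed attack scenario from the report: the fallback name already
    exists as a symlink to a directory the victim owns. Returns True if the
    hardened fallback refuses it (the desired outcome)."""
    base = tempfile.mkdtemp(prefix="shared-tmp-")
    victim_home = tempfile.mkdtemp(prefix="victim-home-")  # owned by us, like /home/victim
    os.symlink(victim_home, fallback_path(base))
    try:
        _, fd = open_runtime_dir(base)
    except OSError:
        return True
    os.close(fd)
    return False


if __name__ == "__main__":
    print("private dir created:", check_creates_private_dir())
    print("planted symlink rejected:", check_rejects_planted_symlink())
```

Note that os.mkdir alone is not the fix: the report's step 1 makes mkdir fail with EEXIST, and a naive implementation then happily returns the symlinked path. The protection comes from opening with O_NOFOLLOW and working through the descriptor afterwards.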