oss-sec mailing list archives
pinocchio tmp vuln
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 09 Sep 2014 00:21:13 -0600
https://pypi.python.org/pypi/pinocchio/ pinocchio stopwatch --with-stopwatch Select tests based on execution time pinocchio-0.4.1/pinocchio/stopwatch.py def finalize(self, result): """ Save the recorded times, OR dump them into /tmp if the file open fails. """ try: fp = open(self.stopwatch_file, 'w') except (IOError, OSError): t = int(time.time()) filename = '/tmp/nose-stopwatch-%s.pickle' % (t,) int(time.time) is easily guessed, create a few thousand and you're covered for the next few hours and can stop anyone from using stopwatch, or you can just blow away files as usual =). fp = open(filename, 'w') log.warning('WARNING: stopwatch cannot write to "%s"' % (self.stopwatch_file)) log.warning('WARNING: stopwatch is using "%s" to save times' % (filename,)) dump(self.times, fp) fp.close() -- Kurt Seifried -- Red Hat -- Product Security -- Cloud PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- pinocchio tmp vuln Kurt Seifried (Sep 08)
- Re: pinocchio tmp vuln David Jorm (Sep 08)
- Re: pinocchio tmp vuln Mikko Korpela (Sep 09)
- Re: pinocchio tmp vuln Steve Kemp (Sep 09)
- Re: pinocchio tmp vuln Mikko Korpela (Sep 09)
- Re: pinocchio tmp vuln Henri Salo (Sep 09)
- Re: pinocchio tmp vuln Kurt Seifried (Sep 09)
- Re: pinocchio tmp vuln Donald Stufft (Sep 11)
- Re: pinocchio tmp vuln Mikko Korpela (Sep 09)
- Re: pinocchio tmp vuln John Haxby (Sep 09)
- Re: pinocchio tmp vuln Mikko Korpela (Sep 09)
- Re: pinocchio tmp vuln John Haxby (Sep 11)
- Re: pinocchio tmp vuln David Jorm (Sep 08)