[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Gnash-dev] unsafe use of /tmp

From: Patrice Dumas
Subject: [Gnash-dev] unsafe use of /tmp
Date: Fri, 7 Apr 2006 14:01:32 +0200
User-agent: Mutt/


It seems that gnash downloads the .swf files in /tmp. This is unsafe and 
opens the door for a symlink in /tmp attack. Moreover it allows other user
to monitor a user activity. I believe the .swf should be downloaded in 
~/.gnash or similar. Or if downloaded to /tmp it should be done safely
using mkstemp or similar things.

Not a big deal for the cvs version, but if it is distributed widely as it
seems that it is beginning to happen now, I think it should be corrected.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]