Bug 593190 – creates log files in shared directory with fixed name (/tmp/dogtail)

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 593190 - creates log files in shared directory with fixed name (/tmp/dogtail)


Summary:	creates log files in shared directory with fixed name (/tmp/dogtail)


Status:	RESOLVED FIXED

Product:	dogtail
Classification:	Deprecated
Component:	Framework
Version:	0.7.0
Hardware:	Other All

Importance:	Normal major
Target Milestone:	---
Assigned To:	Dogtail Maintainers
QA Contact:	Dogtail Maintainers

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2009-08-26 17:34 UTC by Sascha Silbe
Modified:	2009-10-20 16:29 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description Sascha Silbe 2009-08-26 17:34:20 UTC

Dogtail saves the log files in /tmp/dogtail instead of the current directory. Not only will this break if multiple users on the same host (e.g. a shared development server / build host) try to use it, but it also presents an opportunity for a symlink attack.
This has been reported to Debian by someone else in 2008 (see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=485752 ), including a patch.

Comment 1 Zack Cerza 2009-10-20 16:29:19 UTC

Thanks for your report. For some reason my mail server just delivered the notification for this bug today.

For a long time, dogtail has made /tmp/dogtail/ and its subdirectories 0777 by default.