[Pkg-hpijs-devel] Bug#725876: hplip: insecure temporary files handling in pkit.py
Raphael Geissert
geissert at debian.org
Wed Oct 9 14:27:48 UTC 2013
Package: hplip
Version: 3.12.6-3
Tags: security
(Please adjust severity as necessary)
Hi,
pkit.py seems to create a log file at /tmp/hp-pkservice.log and I
believe it is done as root, making it a nice vector for a symlink
attack. I only took a quick look at it, so I might be missing
something.
Could you please confirm the report?
Thanks,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
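
Added example, not part of the original message and not hplip's code (the pkit.py source is not shown on this page): one way a service running as root can open its log file so that a symlink sitting at the log path is refused instead of followed. The function name open_log_safely and the scenario in demo(), which runs entirely inside a private temporary directory, are constructed for illustration.

```python
import os
import stat
import tempfile

def open_log_safely(path, mode=0o600):
    """Open a log file for appending; refuse symlinks and files we do not own."""
    # A plain open(path, "a") follows a symlink at `path`. O_NOFOLLOW makes
    # the open fail (ELOOP) when the final path component is a symlink.
    flags = os.O_WRONLY | os.O_APPEND | os.O_CREAT | os.O_NOFOLLOW
    fd = os.open(path, flags, mode)
    try:
        st = os.fstat(fd)
        # Also reject a file pre-created by another user, a hard link to
        # some other file, or a non-regular file (FIFO, device).
        if (not stat.S_ISREG(st.st_mode) or st.st_uid != os.geteuid()
                or st.st_nlink != 1):
            raise OSError("refusing to log to %s: not a private regular file" % path)
    except OSError:
        os.close(fd)
        raise
    return os.fdopen(fd, "a")

def demo():
    """Constructed scenario: the log path is a symlink to another file."""
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "important.conf")  # constructed sample file
        with open(target, "w") as f:
            f.write("keep me\n")
        log = os.path.join(d, "hp-pkservice.log")
        os.symlink(target, log)
        try:
            open_log_safely(log).close()
            refused = False
        except OSError:
            refused = True
        with open(target) as f:
            untouched = f.read() == "keep me\n"
        # An ordinary, not-yet-existing log path still works.
        plain = os.path.join(d, "plain.log")
        with open_log_safely(plain) as f:
            f.write("started\n")
        with open(plain) as f:
            wrote = f.read() == "started\n"
        return refused, untouched, wrote

if __name__ == "__main__":
    print(demo())
```

Keeping the log in a directory only root can write to (for example under /var/log) removes the shared-directory race altogether; the checks above are for the case where the path has to stay where it is.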