[pkg] brutespray - review
Gianfranco Costamagna
locutusofborg at debian.org
Sun Jul 23 16:02:02 UTC 2017
Hello,
>I didn't look closely how the tmp directory is used by brutespray. If
>it is a temporary directory in the "usual" sense, a proper solution
>would be to use the python tempfile module to create a temporary
>directory and automatically clean that up. However, it really depends
>on how brutespray uses that directory…
true
>Hardcoding /tmp/brutespray is not a proper solution… think of multiple
>users on one system, for example, where this would cause problems.
I agree, I use tmp too much, and I would be bothered a lot if it were
deleted by a program.
This is an RC bug in debian (causing data loss for other applications)
BTW this seems to be not /tmp, but rather a "tmp" in the current directory.
But this doesn't make it better, probably just worse
if not os.path.exists("tmp/"):
os.mkdir("tmp/")
tmppath = "tmp/"
Without having done a deep look at the code, I would use some mktemp function
instead
https://docs.python.org/2/library/tempfile.html
tempfile.mktemp()
'/tmp/tmpbFMFjp'
G.
More information about the Pkg-security-team
mailing list