[Aptitude-devel] Bug#888275: aptitude: (leaves) world-writable (!) aptitude-download- dirs in /tmp

Felix C. Stegerman flx at obfusk.net
Wed Jan 24 13:49:47 UTC 2018 

Package: aptitude
Version: 0.8.10-6
Severity: normal

Dear Maintainer,

I just found some aptitude-download-XXXX-XXXX-XXXX-XXXX directories in
/tmp.  Presumably from some recent failed `aptitude changelog`
invocations.  The directories are empty.  I may have ^Cd aptitude
because it seemed to hang, which might explain why it did not clean up
after itself.  It would be nice if it did.  But this is definately a
minor issue.

I'm a little worried about the fact that the directories all have mode
0777.  Could this result in a security issue?  Either way it does not
seem like the correct mode for these temporary directories.

Thanks.

- Felix

-- Package-specific info:
Terminal: screen-256color-bce
$DISPLAY is set.
which aptitude: /usr/bin/aptitude

aptitude version information:
aptitude 0.8.10
Compiler: g++ 7.2.0
Compiled against:
  apt version 5.0.2
  NCurses version 6.0
  libsigc++ version: 2.10.0
  Gtk+ support disabled.
  Qt support disabled.

Current library versions:
  NCurses version: ncurses 6.0.20171125
  cwidget version: 0.5.17
  Apt version: 5.0.2

aptitude linkage:
	linux-vdso.so.1 (0x00007ffdb8fd1000)
	libapt-pkg.so.5.0 => /usr/lib/x86_64-linux-gnu/libapt-pkg.so.5.0 (0x00007f2cd2042000)
	libncursesw.so.5 => /lib/x86_64-linux-gnu/libncursesw.so.5 (0x00007f2cd1e12000)
	libtinfo.so.5 => /lib/x86_64-linux-gnu/libtinfo.so.5 (0x00007f2cd1be8000)
	libsigc-2.0.so.0 => /usr/lib/x86_64-linux-gnu/libsigc-2.0.so.0 (0x00007f2cd19e1000)
	libcwidget.so.3 => /usr/lib/x86_64-linux-gnu/libcwidget.so.3 (0x00007f2cd16e9000)
	libsqlite3.so.0 => /usr/lib/x86_64-linux-gnu/libsqlite3.so.0 (0x00007f2cd13de000)
	libboost_iostreams.so.1.62.0 => /usr/lib/x86_64-linux-gnu/libboost_iostreams.so.1.62.0 (0x00007f2cd11c6000)
	libboost_filesystem.so.1.62.0 => /usr/lib/x86_64-linux-gnu/libboost_filesystem.so.1.62.0 (0x00007f2cd0fad000)
	libboost_system.so.1.62.0 => /usr/lib/x86_64-linux-gnu/libboost_system.so.1.62.0 (0x00007f2cd0da9000)
	libxapian.so.30 => /usr/lib/x86_64-linux-gnu/libxapian.so.30 (0x00007f2cd099e000)
	libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f2cd0780000)
	libstdc++.so.6 => /usr/lib/x86_64-linux-gnu/libstdc++.so.6 (0x00007f2cd0401000)
	libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f2cd00b6000)
	libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1 (0x00007f2ccfe9f000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f2ccfae9000)
	libresolv.so.2 => /lib/x86_64-linux-gnu/libresolv.so.2 (0x00007f2ccf8d2000)
	libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f2ccf6b8000)
	libbz2.so.1.0 => /lib/x86_64-linux-gnu/libbz2.so.1.0 (0x00007f2ccf4a8000)
	liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x00007f2ccf282000)
	liblz4.so.1 => /usr/lib/x86_64-linux-gnu/liblz4.so.1 (0x00007f2ccf070000)
	libudev.so.1 => /lib/x86_64-linux-gnu/libudev.so.1 (0x00007f2ccee52000)
	/lib64/ld-linux-x86-64.so.2 (0x00007f2cd2a0e000)
	libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f2ccec4e000)
	librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 (0x00007f2ccea46000)
	libuuid.so.1 => /lib/x86_64-linux-gnu/libuuid.so.1 (0x00007f2cce841000)

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.14.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE= (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages aptitude depends on:
ii  aptitude-common            0.8.10-6
ii  libapt-pkg5.0              1.6~alpha7
ii  libboost-filesystem1.62.0  1.62.0+dfsg-5
ii  libboost-iostreams1.62.0   1.62.0+dfsg-5
ii  libboost-system1.62.0      1.62.0+dfsg-5
ii  libc6                      2.26-5
ii  libcwidget3v5              0.5.17-7
ii  libgcc1                    1:7.2.0-20
ii  libncursesw5               6.0+20171125-1
ii  libsigc++-2.0-0v5          2.10.0-1
ii  libsqlite3-0               3.22.0-1
ii  libstdc++6                 7.2.0-20
ii  libtinfo5                  6.0+20171125-1
ii  libxapian30                1.4.5-1

Versions of packages aptitude recommends:
ii  libparse-debianchangelog-perl  1.2.0-12
ii  sensible-utils                 0.0.11

Versions of packages aptitude suggests:
pn  apt-xapian-index                <none>
pn  aptitude-doc-en | aptitude-doc  <none>
pn  debtags                         <none>
ii  tasksel                         3.42

-- no debconf information

More information about the Aptitude-devel mailing list