Bug#682742: audacity: creates temporary directory with wrong permissions

Horst Rauber hriase1 at post-ist-da.de
Wed Jul 25 09:02:40 UTC 2012 

Package: audacity
Version: 1.3.12-7.4
Severity: important

Although the umask is set to 027, the temporary directory is created with
mode 755.
Even worse, after manually changing the permissions to 700, audacity resets
them to 755 during startup!

Severity of the bug set to important, because I consider this a (albeit minor)
security problem.


-- System Information:
Debian Release: 6.0.5
  APT prefers stable
  APT policy: (950, 'stable'), (800, 'testing'), (500, 'oldstable')
Architecture: i386 (x86_64)

Kernel: Linux 3.2.23-x86_64 (SMP w/4 CPU cores)
Locale: LANG=de_DE at euro, LC_CTYPE=de_DE at euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages audacity depends on:
ii  audacity-data          1.3.12-7.4        A fast, cross-platform audio edito
ii  libasound2             1.0.25-3          shared library for ALSA applicatio
ii  libc6                  2.13-33           Embedded GNU C Library: Shared lib
ii  libexpat1              2.1.0-1           XML parsing C library - runtime li
ii  libflac++6             1.2.1-2+b1        Free Lossless Audio Codec - C++ ru
ii  libflac8               1.2.1-2+b1        Free Lossless Audio Codec - runtim
ii  libgcc1                1:4.7.1-2         GCC support library
ii  libglib2.0-0           2.32.3-1          GLib library of C routines
ii  libgtk2.0-0            2.24.10-1         GTK+ graphical user interface libr
ii  libid3tag0             0.15.1b-10        ID3 tag reading library from the M
ii  libjack0 [libjack-0.11 1:0.118+svn3796-7 JACK Audio Connection Kit (librari
ii  libmad0                0.15.1b-5         MPEG audio decoder library
ii  libogg0                1.2.0~dfsg-1      Ogg bitstream library
ii  libsamplerate0         0.1.7-3           Audio sample rate conversion libra
ii  libsndfile1            1.0.21-3+squeeze1 Library for reading/writing audio 
ii  libsoundtouch1c2       1.3.1-2           sound stretching library
ii  libstdc++6             4.7.1-2           GNU Standard C++ Library v3
ii  libtwolame0            0.3.12-1          MPEG Audio Layer 2 encoding librar
ii  libvamp-hostsdk3       2.1-1             helper library for Vamp hosts writ
ii  libvorbis0a            1.3.1-1+squeeze1  The Vorbis General Audio Compressi
ii  libvorbisenc2          1.3.1-1+squeeze1  The Vorbis General Audio Compressi
ii  libvorbisfile3         1.3.1-1+squeeze1  The Vorbis General Audio Compressi
ii  libwxbase2.8-0         2.8.10.1-3+b1     wxBase library (runtime) - non-GUI
ii  libwxgtk2.8-0          2.8.10.1-3+b1     wxWidgets Cross-platform C++ GUI t

Versions of packages audacity recommends:
ii  libavcodec52               5:0.7.13-dmo2 Library to encode decode multimedi
ii  libavformat52              5:0.7.13-dmo2 ffmpeg file format library.

Versions of packages audacity suggests:
pn  ladspa-plugin              <none>        (no description available)
ii  libmp3lame0                1:3.99.5-dmo1 LAME Ain't an MP3 Encoder (shared 

-- no debconf information

More information about the pkg-multimedia-maintainers mailing list