[Pkg-privacy-maintainers] Bug#915859: uses a fixed filename in /tmp
Peter Palfrader
weasel at debian.org
Fri Dec 7 11:40:00 GMT 2018
Package: onionshare
Version: 1.3-1
Severity: grave
Tags: security
onionshare uses /tmp/onionshare_server.log as a logfile with --debug.
in onionshare/web.py:
| def debug_mode():
| temp_dir = tempfile.gettempdir()
| log_handler = logging.FileHandler(
| os.path.join(temp_dir, 'onionshare_server.log'))
tempfile.gettempdir() returns /tmp. It does not give you a
dedicated temp-directory. It is not mkdtemp.
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `- https://www.debian.org/
More information about the Pkg-privacy-maintainers
mailing list