[Pkg-privacy-maintainers] Bug#915859: uses a fixed filename in /tmp

Peter Palfrader weasel at debian.org
Fri Dec 7 11:40:00 GMT 2018


Package: onionshare
Version: 1.3-1
Severity: grave
Tags: security

onionshare uses /tmp/onionshare_server.log as a logfile with --debug.

in onionshare/web.py:
| def debug_mode():
|     temp_dir = tempfile.gettempdir()
|     log_handler = logging.FileHandler(
|         os.path.join(temp_dir, 'onionshare_server.log'))

tempfile.gettempdir() returns /tmp.  It does not give you a
dedicated temp-directory.  It is not mkdtemp.

-- 
                            |  .''`.       ** Debian **
      Peter Palfrader       | : :' :      The  universal
 https://www.palfrader.org/ | `. `'      Operating System
                            |   `-    https://www.debian.org/



More information about the Pkg-privacy-maintainers mailing list