[Python-modules-team] Bug#652653: python-virtualenv: insecure /tmp file handling
Adam D. Barratt
adam at adam-barratt.org.uk
Mon Dec 19 22:32:38 UTC 2011
On Mon, 2011-12-19 at 17:19 +0100, Nico Golde wrote:
> it was discovered that python-virtualenv is handling /tmp files in an insecure manner.
> The following patch fixed this problem:
I noticed that an upload which appears to fix this issue (although
without reference the bug number) has appeared in p-u-NEW. Whilst
that's an admirable turn-around :-) it really should have been discussed
with the SRMs first, rather than simply uploading (I believe this is
well documented enough by now - if not, please point out where and how
we could make it clearer).
Looking at the diff, and the equivalent code in the unstable package,
there seems to be a missing component - namely, that the directory
created via mkdtemp() is never cleaned up. Am I missing something, or
does fixing this issue result in orphaned temporary directories?
More information about the Python-modules-team