[Python-modules-team] Bug#652653: python-virtualenv: insecure /tmp file handling
Adam D. Barratt
adam at adam-barratt.org.uk
Thu Jan 12 21:20:46 UTC 2012
On Tue, 2011-12-20 at 20:18 +0000, Adam D. Barratt wrote:
> On Tue, 2011-12-20 at 09:44 +0100, Piotr Ożarowski wrote:
> > [Adam D. Barratt, 2011-12-19]
> > > Looking at the diff, and the equivalent code in the unstable package,
> > > there seems to be a missing component - namely, that the directory
> > > created via mkdtemp() is never cleaned up. Am I missing something, or
> > > does fixing this issue result in orphaned temporary directories?
> >
> > the old code didn't do it as well,
>
> Well, trying to remove /tmp would be a silly idea. ;-)
>
> > I can update the patch to remove it
>
> That would be good, although in that case the change should be made in
> unstable first (and pushed upstream?).
Any news on that?
Regards,
Adam
More information about the Python-modules-team
mailing list