[Python-modules-team] Bug#652653: python-virtualenv: insecure /tmp file handling

Adam D. Barratt adam at adam-barratt.org.uk
Wed May 2 22:21:24 UTC 2012


On Tue, 2011-12-20 at 20:18 +0000, Adam D. Barratt wrote:
> On Tue, 2011-12-20 at 09:44 +0100, Piotr Ożarowski wrote:
> > [Adam D. Barratt, 2011-12-19]
[...]
> > > Looking at the diff, and the equivalent code in the unstable package,
> > > there seems to be a missing component - namely, that the directory
> > > created via mkdtemp() is never cleaned up.  Am I missing something, or
> > > does fixing this issue result in orphaned temporary directories?
> > 
> > the old code didn't do it as well,
> 
> Well, trying to remove /tmp would be a silly idea. ;-)
> 
> > I can update the patch to remove it
> 
> That would be good, although in that case the change should be made in
> unstable first (and pushed upstream?).

That happened now, as #661272 which was recently fixed in sid (thanks
Stefano!).  In terms of getting stable updated, either a 1.4.9-3squeeze2
package could be prepared incorporating the extra fixes, or we could
reject the original package and fix everything in one upload.  Thoughts?

Regards,

Adam
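
The cleanup discussed in this thread, as an added example that is not part of the original message and is not virtualenv's or the Debian patch's code: a mkdtemp() directory that is always removed, even when the work inside it fails. The names private_workdir and unpack_helper are hypothetical, and the payload is constructed sample data.

```python
import os
import shutil
import stat
import tempfile
from contextlib import contextmanager


@contextmanager
def private_workdir(prefix="example-"):
    """Yield a fresh directory only the current user can access, then remove it."""
    # mkdtemp() picks an unpredictable name and creates the directory with
    # mode 0700 in one step, so another local user cannot pre-create the path
    # or plant a symlink there, unlike a fixed name written directly in /tmp.
    path = tempfile.mkdtemp(prefix=prefix)
    try:
        yield path
    finally:
        # Without this step every call leaves an orphaned directory behind.
        shutil.rmtree(path, ignore_errors=True)


def unpack_helper(payload, name="helper.bin"):
    """Write payload into a private work dir.

    Returns (workdir, directory mode, file size) as observed while the
    directory still existed; the directory is gone once this returns.
    """
    with private_workdir() as workdir:
        target = os.path.join(workdir, name)
        # O_EXCL | O_NOFOLLOW: fail instead of reusing or following an
        # entry that already exists at the target path.
        flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
        fd = os.open(target, flags, 0o600)
        with os.fdopen(fd, "wb") as fh:
            fh.write(payload)
        mode = stat.S_IMODE(os.stat(workdir).st_mode)
        size = os.path.getsize(target)
    return workdir, mode, size


if __name__ == "__main__":
    workdir, mode, size = unpack_helper(b"constructed sample")
    print(workdir, oct(mode), size, "exists after:", os.path.exists(workdir))
```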





