[Python-modules-team] Bug#736247: python-xdg: get_runtime_dir(strict=False): insecure use of /tmp
Jakub Wilk
jwilk at debian.org
Tue Jan 21 13:45:11 UTC 2014
Package: python-xdg
Version: 0.25-3
Severity: important
Tags: security
xdg.BaseDirectory.get_runtime_dir(strict=False) is prone to symlink
attacks. A malicious local user could do the following:
1) Create symlink /tmp/pyxdg-runtime-dir-fallback-victim, pointing to a
directory owned by the victim, say /home/victim.
2) Wait until the victim calls get_runtime_dir(strict=False), which
succeeds and returns "/tmp/pyxdg-runtime-dir-fallback-victim".
3) Switch the symlink to point to a directory of their choice.
--
Jakub Wilk
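Added illustration (not pyxdg's code, and not part of the report above): a hypothetical naive fallback that trusts a predictable name under a shared tmp directory, beside a hardened variant that creates the directory itself and then inspects it with os.lstat(), which does not follow symlinks. The demo() function reproduces steps 1 and 2 of the attack in a throwaway directory tree: the attacker plants a symlink at the predictable name pointing at a directory the victim owns, the naive check accepts it, the hardened check refuses. The directory names, the function names and the scenario are all constructed for this example.

```python
import os
import stat
import tempfile


def naive_fallback_dir(tmp_root, user):
    """Hypothetical insecure fallback (constructed, not pyxdg's code).

    Uses a predictable name and trusts whatever is already there.
    os.path.isdir() follows symlinks, so a planted link pointing at a
    directory the caller owns looks like a perfectly good directory.
    """
    path = os.path.join(tmp_root, "pyxdg-runtime-dir-fallback-" + user)
    if not os.path.isdir(path):
        os.mkdir(path, 0o700)
    return path


def safe_fallback_dir(tmp_root, user):
    """Hardened variant (added example).

    Always try to create the directory ourselves; mkdir(2) does not follow
    a symlink in the final path component, so a planted link makes it fail
    with EEXIST instead of creating something behind the link.  Then verify,
    via lstat (no symlink following), that what sits at the path is a real
    directory, owned by us, with no group/other permission bits.
    """
    path = os.path.join(tmp_root, "pyxdg-runtime-dir-fallback-" + user)
    try:
        os.mkdir(path, 0o700)
    except FileExistsError:
        pass  # something is already there; the checks below decide
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        raise PermissionError("%s is a symlink; refusing to use it" % path)
    if not stat.S_ISDIR(st.st_mode):
        raise PermissionError("%s is not a directory" % path)
    if st.st_uid != os.getuid():
        raise PermissionError("%s is not owned by uid %d" % (path, os.getuid()))
    if stat.S_IMODE(st.st_mode) & 0o077:
        raise PermissionError("%s is accessible to other users" % path)
    return path


def demo():
    """Constructed scenario mirroring steps 1 and 2 of the report.

    Returns (naive_accepted_symlink, hardened_rejected_symlink).
    """
    root = tempfile.mkdtemp()
    victim_home = os.path.join(root, "home_victim")   # stands in for /home/victim
    os.mkdir(victim_home, 0o700)
    tmp_root = os.path.join(root, "tmp")               # stands in for /tmp
    os.mkdir(tmp_root, 0o1777)

    # Attacker, step 1: plant a symlink at the predictable fallback name.
    planted = os.path.join(tmp_root, "pyxdg-runtime-dir-fallback-victim")
    os.symlink(victim_home, planted)

    # Victim, step 2: naive lookup happily returns the symlinked path.
    naive_is_link = os.path.islink(naive_fallback_dir(tmp_root, "victim"))

    # Hardened lookup detects the symlink and refuses.
    try:
        safe_fallback_dir(tmp_root, "victim")
        hardened_rejected = False
    except PermissionError:
        hardened_rejected = True
    return naive_is_link, hardened_rejected


if __name__ == "__main__":
    print(demo())
```

The hardened variant still depends on the sticky bit on the shared directory: once our own 0700 directory exists there, other users cannot rename or unlink it, so the lstat result stays valid after the check. It closes the symlink hole described in the report but is no substitute for a properly provisioned XDG_RUNTIME_DIR.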