oss-sec mailing list archives

Fwd: [Python-modules-team] Bug#736247: python-xdg: get_runtime_dir(strict=False): insecure use of /tmp

From: Daniel Kahn Gillmor <dkg () fifthhorseman net>
Date: Tue, 21 Jan 2014 09:28:39 -0500

as reported by Jakub Wilk in http://bugs.debian.org/736247, there is a
TOCTOU failure in python's xdg module (see attached message).

Could a CVE be assigned to this?

        --dkg

--- Begin Message --- From: Jakub Wilk <jwilk () debian org>
Date: Tue, 21 Jan 2014 14:45:11 +0100
Package: python-xdg
Version: 0.25-3
Severity: important
Tags: security
xdg.BaseDirectory.get_runtime_dir(strict=False) is prone to symlinkattacks. A malicious local user could do the following:
1) Create symlink /tmp/pyxdg-runtime-dir-fallback-victim, pointing to adirectory owned by the victim, say /home/victim.
2) Wait until the victim calls get_runtime_dir(strict=False), whichsucceeds and returns "/tmp/pyxdg-runtime-dir-fallback-victim".
3) Switch the symlink to point to a directory of their choice.

--
Jakub Wilk

_______________________________________________
Python-modules-team mailing list
Python-modules-team () lists alioth debian org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/python-modules-team
--- End Message ---

Attachment: signature.asc
Description: OpenPGP digital signature

Current thread:

Fwd: [Python-modules-team] Bug#736247: python-xdg: get_runtime_dir(strict=False): insecure use of /tmp Daniel Kahn Gillmor (Jan 21)
- Re: Fwd: [Python-modules-team] Bug#736247: python-xdg: get_runtime_dir(strict=False): insecure use of /tmp cve-assign (Jan 21)