oss-sec mailing list archives
Re: pinocchio tmp vuln
From: Henri Salo <henri () nerv fi>
Date: Tue, 9 Sep 2014 12:46:35 +0300
On Tue, Sep 09, 2014 at 11:57:11AM +0300, Mikko Korpela wrote:
> Test automation, on the other hand, IMHO requires that we are working in a secure sandbox. If there is a malicious user on the same machine then I bet things have already gone very wrong somewhere else.
>
> Kind regards ;),
> Mikko

Many times these tools are executed in normal shell environments with lots of users and not on a safe/clean server (even robotfw). In my opinion these issues should be fixed in code and get a CVE assigned even if the risk is minimal. Code audits for PyPI packages are more than welcome, though some level of coordination is required to avoid confusion. These are often easy to report and fix, but I understand if the reporter has a lack of time. Kurt, if you need coordination help you can contact me off-list.

Kind regards ;),
Henri Salo
Current thread:
- pinocchio tmp vuln Kurt Seifried (Sep 08)
- Re: pinocchio tmp vuln David Jorm (Sep 08)
- Re: pinocchio tmp vuln Mikko Korpela (Sep 09)
- Re: pinocchio tmp vuln Steve Kemp (Sep 09)
- Re: pinocchio tmp vuln Mikko Korpela (Sep 09)
- Re: pinocchio tmp vuln Henri Salo (Sep 09)
- Re: pinocchio tmp vuln Kurt Seifried (Sep 09)
- Re: pinocchio tmp vuln Donald Stufft (Sep 11)
- Re: pinocchio tmp vuln Mikko Korpela (Sep 09)
- Re: pinocchio tmp vuln John Haxby (Sep 09)
- Re: pinocchio tmp vuln Mikko Korpela (Sep 09)
- Re: pinocchio tmp vuln John Haxby (Sep 11)
- Re: pinocchio tmp vuln Kurt Seifried (Sep 11)
- Re: pinocchio tmp vuln Kurt Seifried (Sep 11)
- Re: pinocchio tmp vuln Mikko Korpela (Sep 11)
- Re: pinocchio tmp vuln David Jorm (Sep 08)