oss-sec mailing list archives

RuboCop: insecure use of /tmp


From: Jakub Wilk <jwilk () jwilk net>
Date: Mon, 1 May 2017 18:54:44 +0200

RuboCop stores cache files in /tmp/$UID/rubocop_cache/.
There are no ownership checks, so a malicious local user could exploit this to tamper with cache files belonging to other users.

Upstream bug report:
https://github.com/bbatsov/rubocop/issues/4336

I've attached a PoC exploit.

--
Jakub Wilk

Attachment: rubocop-cache-exploit
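
The ownership check the message above says is missing, as an added example that is not part of the original post and is not RuboCop's code. All method and class names are hypothetical, and a constructed temporary directory stands in for the shared /tmp.

```ruby
require 'tmpdir'

# Hypothetical names throughout; this is not RuboCop's code.
class UnsafeCacheDirError < StandardError; end

# Returns nil when +path+ is safe to use as a private cache directory for
# +uid+, otherwise a short string naming the problem.
def cache_dir_problem(path, uid = Process.euid)
  st = File.lstat(path) # lstat, so a planted symlink is seen, not followed
  return 'is a symlink' if st.symlink?
  return 'is not a directory' unless st.directory?
  return "is owned by uid #{st.uid}, expected #{uid}" unless st.uid == uid
  return 'is group- or world-writable' unless (st.mode & 0o022).zero?
  nil
rescue Errno::ENOENT
  'does not exist'
end

# Creates root/components[0]/components[1]/... with mode 0700 and verifies
# each level, including levels that already existed before we got there.
def secure_cache_dir(root, *components)
  components.reduce(root) do |parent, name|
    dir = File.join(parent, name)
    begin
      Dir.mkdir(dir, 0o700)
    rescue Errno::EEXIST
      # Pre-existing entry: possibly ours, possibly planted. Checked below.
    end
    problem = cache_dir_problem(dir)
    raise UnsafeCacheDirError, "#{dir} #{problem}" if problem
    dir
  end
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |tmp| # constructed stand-in for the shared /tmp
    uid = Process.euid.to_s
    puts "created: #{secure_cache_dir(tmp, uid, 'rubocop_cache')}"
    File.chmod(0o777, File.join(tmp, uid)) # simulate a directory others can write to
    begin
      secure_cache_dir(tmp, uid, 'rubocop_cache')
    rescue UnsafeCacheDirError => e
      puts "refused: #{e.message}"
    end
  end
end
```

The checks hold only when the shared root has the sticky bit set, as /tmp normally does, so that other users cannot rename or remove a directory they do not own.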