Date: Wed, 21 Nov 2018 13:05:04 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 233378] [patch] ports-mgmt/portmaster: place portmasterfail.txt in non world-writeable location Message-ID: <bug-233378-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D233378 Bug ID: 233378 Summary: [patch] ports-mgmt/portmaster: place portmasterfail.txt in non world-writeable location Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: Individual Port(s) Assignee: se@FreeBSD.org Reporter: rs@bytecamp.net Flags: maintainer-feedback?(se@FreeBSD.org) Assignee: se@FreeBSD.org Created attachment 199413 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D199413&action= =3Dedit place portmasterfail.txt in ~ When building/upgrading ports via portmaster fails, it will place a list of failed ports in /tmp/portmasterfail.txt. Not only is this file created world-readable, any local user may create a symlink attack with it. I recommend placing portmasterfail.txt in $HOME. with kind regards, Robert Schulze --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-233378-7788>