On Fri, 11 Dec 2009 23:43:30 +0100 Jakub Wilk wrote:

> Package: python-docutils
> Version: 0.5-2
> Severity: grave
> Tags: security help
> Justification: user security hole
>
> Emacs major mode for reStructuredText (rst.el) uses temporary files
> with predictable names in an insecure fashion:
>
> | (defun rst-compile-pdf-preview ()
> |   "Convert the document to a PDF file and launch a preview program."
> |   (interactive)
> |   (let* ((tmp-filename "/tmp/out.pdf")
> |          (command (format "%s %s %s && %s %s"
> |                           (cadr (assq 'pdf rst-compile-toolsets))
> |                           buffer-file-name tmp-filename
> |                           rst-pdf-program tmp-filename)))
> |     (start-process-shell-command "rst-pdf-preview" nil command)
> |     ;; Note: you could also use (compile command) to view the compilation
> |     ;; output.
> |     ))
> [...]
> | (defun rst-compile-slides-preview ()
> |   "Convert the document to an S5 slide presentation and launch a preview program."
> |   (interactive)
> |   (let* ((tmp-filename "/tmp/slides.html")
> |          (command (format "%s %s %s && %s %s"
> |                           (cadr (assq 's5 rst-compile-toolsets))
> |                           buffer-file-name tmp-filename
> |                           rst-slides-program tmp-filename)))
> |     (start-process-shell-command "rst-slides-preview" nil command)
> |     ;; Note: you could also use (compile command) to view the compilation
> |     ;; output.
> |     ))
>
> How to reproduce/exploit this bug
> ---------------------------------
>
> Attacker:
> $ ln -sf /path/to/file/the/attacker/want/to/overwrite /tmp/slides.html
>
> Victim:
> $ emacs foo.rst
> M-x rst-mode
> C-c 5
This information seems to be for an Emacs problem, but the bug was filed against python-docutils. Was this a mistake or is there a connection between the two that I am missing?

mike

_______________________________________________
Python-modules-team mailing list
Python-modules-team@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/python-modules-team
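A hardened rewrite of the two quoted preview commands, added here as an example and not the project's own fix: it replaces the fixed `/tmp/out.pdf` and `/tmp/slides.html` names with a file created by `make-temp-file`, quotes the paths passed to the shell, and folds both commands into one helper. It assumes `rst-compile-toolsets`, `rst-pdf-program` and `rst-slides-program` are defined as in rst.el.

```elisp
;; Added example, not code from rst.el. Assumes rst.el's
;; `rst-compile-toolsets', `rst-pdf-program' and `rst-slides-program'.

(defun rst--compile-preview-safe (toolset viewer suffix proc-name)
  "Convert the current buffer's file with TOOLSET and open it with VIEWER.
TOOLSET is a key of `rst-compile-toolsets', VIEWER a shell command,
SUFFIX the output extension and PROC-NAME the name of the process.
The output goes to a file created by `make-temp-file' rather than a
fixed name under /tmp, so a symlink planted by another local user at a
predictable path cannot redirect the write to a file of their choice."
  (unless buffer-file-name
    (error "Buffer is not visiting a file"))
  (let* ((converter (cadr (assq toolset rst-compile-toolsets)))
         ;; make-temp-file creates the file atomically (O_EXCL) with a
         ;; random name under `temporary-file-directory', owned by us,
         ;; so the converter writes into our file, never a planted link.
         (tmp-filename (make-temp-file "rst-preview-" nil suffix))
         ;; Quote every file name: the buffer's path is user-controlled
         ;; and may contain spaces or shell metacharacters.
         (command (format "%s %s %s && %s %s"
                          converter
                          (shell-quote-argument buffer-file-name)
                          (shell-quote-argument tmp-filename)
                          viewer
                          (shell-quote-argument tmp-filename))))
    (start-process-shell-command proc-name nil command)))

(defun rst-compile-pdf-preview-safe ()
  "Convert the document to a PDF file and launch a preview program."
  (interactive)
  (rst--compile-preview-safe 'pdf rst-pdf-program ".pdf" "rst-pdf-preview"))

(defun rst-compile-slides-preview-safe ()
  "Convert the document to an S5 slide presentation and launch a preview program."
  (interactive)
  (rst--compile-preview-safe 's5 rst-slides-program ".html" "rst-slides-preview"))
```

As in the quoted original, the output file is left behind after the viewer exits; a process sentinel on the returned process could delete it once the viewer finishes.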