as reported by Jakub Wilk in http://bugs.debian.org/736247, there is a
TOCTOU failure in python's xdg module (see attached message).

Could a CVE be assigned to this?

        --dkg
--- Begin Message ---
Package: python-xdg
Version: 0.25-3
Severity: important
Tags: security

xdg.BaseDirectory.get_runtime_dir(strict=False) is prone to symlink attacks. A malicious local user could do the following:

1) Create symlink /tmp/pyxdg-runtime-dir-fallback-victim, pointing to a directory owned by the victim, say /home/victim.

2) Wait until the victim calls get_runtime_dir(strict=False), which succeeds and returns "/tmp/pyxdg-runtime-dir-fallback-victim".

3) Switch the symlink to point to a directory of their choice.

--
Jakub Wilk

_______________________________________________
Python-modules-team mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/python-modules-team

--- End Message ---

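The three steps in Jakub's report are a classic check-then-use race on a predictable name in a world-writable directory. The example below is added here to show the pattern concretely; it is not pyxdg's own code and does not claim to reproduce its implementation. Everything in it is an assumption of the example: the function names, the owner/mode checks, and the use of a scratch directory from tempfile in place of /tmp. It needs Python 3 on Linux (O_NOFOLLOW, O_DIRECTORY). The insecure variant checks with isdir()/stat(), both of which follow symlinks, so a planted link passes; the hardened variant lets the kernel do the check by opening with O_NOFOLLOW and then inspects the object it actually opened.

```python
import os
import stat
import tempfile


class UnsafeRuntimeDir(Exception):
    """Raised when the fallback directory cannot be trusted."""


def insecure_fallback_dir(base, name):
    """Check-then-use (the vulnerable shape): os.path.isdir() and os.stat()
    both follow symlinks, so a symlink at `path` that points at any directory
    the caller owns passes every check, and the returned path string can be
    repointed by whoever owns the link after this function returns."""
    path = os.path.join(base, name)
    if not os.path.isdir(path):          # follows the symlink
        os.mkdir(path, 0o700)
    st = os.stat(path)                   # follows the symlink again
    if st.st_uid != os.getuid():
        raise UnsafeRuntimeDir("not owned by us: %s" % path)
    return path


def secure_fallback_dir(base, name):
    """Create-or-open without following symlinks, then verify the inode that
    was actually opened.  Returns (path, dir_fd).  Callers that need to stay
    race-free work relative to dir_fd (os.open(..., dir_fd=dir_fd)) instead of
    re-resolving the path string, which an attacker can repoint at any time."""
    path = os.path.join(base, name)
    try:
        os.mkdir(path, 0o700)            # creates only if nothing is there
    except FileExistsError:
        pass                             # something exists: verify it below
    try:
        # O_NOFOLLOW makes the kernel reject a symlink as the last component
        # (ELOOP); O_DIRECTORY rejects a regular file.  The check IS the use,
        # so there is no window between them.
        fd = os.open(path, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    except OSError as e:
        raise UnsafeRuntimeDir("refusing %s: %s" % (path, e.strerror)) from None
    st = os.fstat(fd)                    # properties of the object we hold
    if st.st_uid != os.getuid() or stat.S_IMODE(st.st_mode) != 0o700:
        os.close(fd)
        raise UnsafeRuntimeDir("bad owner or mode on %s" % path)
    return path, fd


def demo_symlink_attack():
    """Replay the report's three steps in a constructed scratch directory
    (nothing under /tmp is touched).  Both 'victim' and 'attacker' directories
    belong to the current user here, which is enough to show the race.
    Returns (insecure_returned_link, link_now_points_elsewhere, secure_refused)."""
    base = tempfile.mkdtemp()
    name = "pyxdg-runtime-dir-fallback-victim"
    victim_home = os.path.join(base, "home-victim")
    os.mkdir(victim_home, 0o700)
    link = os.path.join(base, name)
    os.symlink(victim_home, link)                    # step 1: attacker plants link
    got = insecure_fallback_dir(base, name)          # step 2: victim's call succeeds
    attacker_dir = os.path.join(base, "attacker")
    os.mkdir(attacker_dir, 0o700)
    os.remove(link)
    os.symlink(attacker_dir, link)                   # step 3: attacker repoints it
    repointed = os.path.realpath(got) == os.path.realpath(attacker_dir)
    try:
        secure_fallback_dir(base, name)              # hardened variant on same link
        refused = False
    except UnsafeRuntimeDir:
        refused = True
    return got == link, repointed, refused


def demo_fd_is_pinned():
    """Show why the hardened variant hands back a directory fd: swapping the
    name for a symlink afterwards does not change what the fd refers to."""
    base = tempfile.mkdtemp()
    path, fd = secure_fallback_dir(base, "fresh")
    before = os.fstat(fd)
    os.rmdir(path)                                   # name goes away...
    os.symlink(base, path)                           # ...and is replaced by a link
    after = os.fstat(fd)
    os.close(fd)
    return (stat.S_ISDIR(before.st_mode)
            and stat.S_IMODE(before.st_mode) == 0o700
            and (before.st_dev, before.st_ino) == (after.st_dev, after.st_ino))
```

The caveat a practitioner should keep in mind: an API that returns a path string cannot, by itself, prevent step 3. The hardened function closes the planted-link case (the open fails with ELOOP) and the wrong-owner/mode case, but any later code that re-resolves the returned string is racing again; only operations done relative to the held directory fd are pinned to the verified inode.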