m hardcodes /tmp/m.log as its log path and writes to that file even if it exists. An unprivileged user can set up a symlink from this path to anywhere on the system, and if m is invoked as, say, root this can allow unprivileged users to overwrite arbitrary files on the system causing a denial of service.
Using mktemp should be an improvement over the current situation.
Thanks @p-mongo! The log file is only used when unpacking a downloaded tarball (and only potentially useful in the event of error). I've updated to use mktemp as suggested.
m hardcodes
/tmp/m.log
as its log path and writes to that file even if it exists. An unprivileged user can set up a symlink from this path to anywhere on the system, and if m is invoked as, say, root this can allow unprivileged users to overwrite arbitrary files on the system causing a denial of service.Using
mktemp
should be an improvement over the current situation.