chainguard-dev / bincapz

detect malicious program behaviors
Apache License 2.0
378 stars, 24 forks

ref/path/dev/shm critical for byobu-6.12/usr/bin/vigpg: /dev/shm/.vigpg-XXXXXXXXXXXX #285

Closed tstromberg closed 1 day ago

tstromberg commented 1 week ago

This alert should probably be downgraded to high, at least in the case where there is XXXXX in the filename?

/home/t/packages/x86_64/byobu-6.12/usr/bin/vigpg [🚨 CRITICAL]
--------------------------------------------------------------------------------------------------------
RISK  KEY               DESCRIPTION                                       EVIDENCE                      
--------------------------------------------------------------------------------------------------------
CRIT  ref/path/dev/shm  path reference within /dev/shm (world writeable)  /dev/shm/.vigpg-XXXXXXXXXXXX  
--------------------------------------------------------------------------------------------------------
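One way to express the proposed downgrade, as an added example that is not part of the issue or bincapz's own code: a `/dev/shm` reference whose basename is a temp-file template is rated high, while a fixed name stays critical. The `Risk` type, the `ClassifyShmRef` function and the six-X rule are assumptions of this sketch.

```go
package main

import (
	"fmt"
	"path"
	"regexp"
	"strings"
)

// Risk is a hypothetical severity scale for this example, not bincapz's own type.
type Risk int

const (
	None Risk = iota
	High
	Critical
)

func (r Risk) String() string { return [...]string{"NONE", "HIGH", "CRIT"}[r] }

// Assumption: a temp-file template is a basename ending in six or more X's,
// the suffix mkstemp(3) requires before it substitutes a random name.
var tmpTemplate = regexp.MustCompile(`X{6,}$`)

// ClassifyShmRef rates one string extracted from a scanned file.
func ClassifyShmRef(ref string) Risk {
	p := path.Clean(ref) // collapse "//" and ".." before the prefix check
	if !strings.HasPrefix(p, "/dev/shm/") {
		return None // outside /dev/shm, or a lookalike such as /dev/shmem
	}
	if tmpTemplate.MatchString(path.Base(p)) {
		return High // randomized name chosen at run time: still worth review
	}
	return Critical // fixed, predictable name in a world-writable directory
}

func main() {
	// Constructed sample strings, except the first, which is the evidence above.
	for _, ref := range []string{
		"/dev/shm/.vigpg-XXXXXXXXXXXX",
		"/dev/shm/.fixed-name",
		"/dev/shm/tmpXXX",
		"/dev/shmem/cache-XXXXXX",
	} {
		fmt.Printf("%-5s %s\n", ClassifyShmRef(ref), ref)
	}
}
```

The template match only lowers the rating one step, since any program can call a temp-file helper; it does not clear the finding.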