fiji-flo / x1carbon2018s3

S3 suspend for the X1 Carbon 2018
The Unlicense

Insecure use of /tmp #5

Closed jwilk closed 6 years ago

jwilk commented 6 years ago

The script begins with:

mkdir -p /tmp/x1carbon2018s3
cd /tmp/x1carbon2018s3

So it will happily use /tmp/x1carbon2018s3, even when this directory exists and is owned by another (possibly malicious) user. Please use mktemp -d for creating temporary directories.
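The mktemp -d approach suggested above, sketched as an added example that is not part of the original issue or of the project's script. The function names is_private_dir and make_workdir and the template suffix are assumptions made for illustration; the ownership and mode check goes slightly beyond what the comment asks for.

```shell
#!/bin/sh
# Added example: a private scratch directory instead of a fixed /tmp path.
# is_private_dir and make_workdir are hypothetical helper names.

# Succeed only if $1 is a real directory (not a symlink), owned by the
# current user, and closed to group and other (mode 0700).
is_private_dir() {
    [ -d "$1" ] && [ ! -L "$1" ] && [ -O "$1" ] || return 1
    case "$(ls -ld -- "$1")" in
        drwx------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Create a fresh directory with an unpredictable name and print its path.
# mktemp -d fails instead of reusing an existing entry, so a directory or
# symlink planted in advance by another user is never adopted.
make_workdir() {
    dir=$(mktemp -d "${TMPDIR:-/tmp}/x1carbon2018s3.XXXXXXXXXX") || return 1
    is_private_dir "$dir" || { rmdir "$dir"; return 1; }
    printf '%s\n' "$dir"
}

# Replacement for the two lines quoted in the issue.
workdir=$(make_workdir) || exit 1
trap 'rm -rf "$workdir"' EXIT
cd "$workdir" || exit 1
```

The same is_private_dir check rejects a fixed-name directory that already exists with loose permissions or as a symlink, which is the case mkdir -p silently accepts.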

fiji-flo commented 6 years ago

Thanks again.