fluent / sigdump

Use signal to show stacktrace of a Ruby process without restarting it
Apache License 2.0
188 stars, 27 forks

Avoid to write linked path #14

Open cosmo0920 opened 3 years ago

cosmo0920 commented 3 years ago

Currently, sigdump uses a predictable path to write the object dump. But, in some circumstances, this implementation creates a vulnerability to a dangling symlink attack. And also, Kernel.open should use 0644 instead of 0666 (world-writable permission). This is also a vulnerable part of the dangling symlink attack.
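Added example (not sigdump's own code) showing the two fixes the comment asks for: open the dump file with File::EXCL | File::NOFOLLOW so a symlink planted at the predictable name is refused rather than followed, and use mode 0644 so the dump is never world-writable. The directory, file names and dump contents below are constructed for the demonstration.

```ruby
# Added example, not part of sigdump. Demonstrates refusing a planted
# symlink at a predictable dump path and creating the dump with mode 0644.
require "tmpdir"

# EXCL: fail if anything (including a dangling symlink) already occupies
# the name. NOFOLLOW: never follow a symlink at the final path component.
# 0644: readable by others, writable only by the owner, whatever the umask.
SAFE_FLAGS = File::WRONLY | File::CREAT | File::EXCL | File::NOFOLLOW
SAFE_MODE  = 0o644

# Returns :written on success, or :refused_existing_path when the name is
# already taken (EEXIST from EXCL, ELOOP from NOFOLLOW).
def write_dump_safely(dump_path, contents)
  File.open(dump_path, SAFE_FLAGS, SAFE_MODE) { |io| io.write(contents) }
  :written
rescue Errno::EEXIST, Errno::ELOOP
  :refused_existing_path
end

# Constructed scenario: a dangling symlink is planted at the predictable
# dump name, pointing at a file the process should never create.
def demo
  Dir.mktmpdir("sigdump-demo") do |dir|
    # Weak pattern from the issue: open with "a" and 0666. It follows the
    # planted link and creates the target; with a permissive umask the
    # result is also world-writable. Shown only for contrast.
    unsafe_link = File.join(dir, "unsafe-12345.log")   # constructed name
    unsafe_target = File.join(dir, "victim-unsafe")
    File.symlink(unsafe_target, unsafe_link)           # dangling link
    File.open(unsafe_link, "a", 0o666) { |io| io.write("dump\n") }

    # Hardened pattern: the same planted link is refused outright.
    safe_link = File.join(dir, "sigdump-12345.log")    # constructed name
    safe_target = File.join(dir, "victim-safe")
    File.symlink(safe_target, safe_link)               # dangling link
    refused = write_dump_safely(safe_link, "dump\n")

    # A fresh, unclaimed name is written normally with mode 0644.
    fresh = File.join(dir, "sigdump-67890.log")
    write_dump_safely(fresh, "dump\n")

    { unsafe_followed: File.exist?(unsafe_target),
      refused: refused,
      safe_target_created: File.exist?(safe_target),
      fresh_mode: File.stat(fresh).mode & 0o777 }
  end
end
```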

cosmo0920 commented 3 years ago

@frsyuki Could you kindly take a look if you have time? If you don't have enough time to maintain this gem, we can handle issues/PRs on @fluent-plugins-nursery: https://github.com/fluent-plugins-nursery/contact

We think that maintenance of this gem is important for the Fluentd community.