+++ This bug was initially created as a clone of Bug #162978 +++ sysreport creates a temporary directory in an insecure manner. umask 0077 ROOT=/tmp/sysreport.$$ ROOT should be something like ROOT=`mktemp -d /tmp/sysreport.XXXXXXXX` It is possible for a local attacker to cause a race condition and trick sysreport into writing its output to a directory the attacker can read. This issue was discovered by Bill Stearns
This issue should also affect FC3
it's fixed in 1.4.1-5(FC4) and 1.3.13-2(FC3)
ping, intend to push updates? (removing embargo)
yes, it should be pushed this week. Thanks for your remind
From User-Agent: XML-RPC sysreport-1.3.13-2 has been pushed for FC3, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.
Closing bugs in MODIFIED state from prior Fedora releases. If this bug persists in a current Fedora release (such as Fedora Core 5 or later), please reopen and set the version appropriately.