Red Hat Bugzilla – Bug 177407
f-spot wrapper script looks for executable in CWD
Last modified: 2007-11-30 17:11:20 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8) Gecko/20051216 Fedora/1.5-3 Firefox/1.5
Description of problem:
The f-spot wrapper script in /usr/bin attempts to run f-spot.exe from the current working directory. This can lead into problems when launching f-spot from for example /tmp where another user might have created a fake f-spot.exe file.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. cd /tmp
2. touch f-spot.exe Makefile Defines.cs
Actual Results: *** Running uninstalled f-spot ***
cannot open assembly ./f-spot.exe
*** Bug 177676 has been marked as a duplicate of this bug. ***
This has been filed as http://bugzilla.gnome.org/show_bug.cgi?id=328909
Flipping security flag, as this is a security issue...
should be fixed in rawhide, now.