Red Hat Bugzilla – Bug 476068
Post install is a potential security risk.
Last modified: 2008-12-11 16:58:13 EST
Description of problem:
You are using easily guess able /tmp files that a hacker could create and cause a root process to do some evil things.
Either use /var/run or mktemp to create the temporary file.
This effects all Rawhide, F10 and RHEL5 at least.
Daniel, I think that this problem is not in rawhide nor F10.
RHEL5 rpm was reverted from compose, we found that problem too already,
and this package will be not released.
Please can you provide exact version of spec which is affected?
I can't see the problem in fedora either.
%post libs -p /sbin/ldconfig
Please reopen if you're referring to something else we've missed.