Bug 63799 - xscreensaver/webcollage has somewhat concerning /tmp file handling
Summary: xscreensaver/webcollage has somewhat concerning /tmp file handling
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: xscreensaver
Version: 7.3
Hardware: i386
OS: Linux
low
medium
Target Milestone: ---
Assignee: Bill Nottingham
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2002-04-18 20:07 UTC by Adrian Likins
Modified: 2014-03-17 02:27 UTC (History)
1 user (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2002-06-12 06:47:39 UTC
Embargoed:


Attachments (Terms of Use)

Description Adrian Likins 2002-04-18 20:07:13 UTC
Description of Problem:

The `webcollage` app in xscreensaver writes out a bunch
of files to /tmp. From a quick look at the code, it doesnt look
to be the most paranoid app around.

Not really a big deal since we dont let users select
`webcollage` from any conveinent manner, and xscreensaver
is designed not to run as root. Just figured I'd file
it while it was on my mind...

The /tmp files are just "webcollage.$PID" so very predictable,
and doesnt look there are any attempts to use mkstemp or
the like.

Comment 1 Bill Nottingham 2002-08-13 02:36:07 UTC
The current version does a form of mkdtemp() in perl.


Note You need to log in before you can comment on or make changes to this bug.