Bug 159543 - app-dicts/stardict: Insecure usage of file in /tmp.
Bug#: 159543
Product: Gentoo Security
Version: unspecified
Platform: All
OS/Version: Linux
Status: RESOLVED
Severity: normal
Priority: P2
Resolution: FIXED
Assigned To: security@gentoo.org
Reported By: shellsage@gentoo.org
Component: Vulnerabilities
Status Whiteboard: B3? [noglsa]
Opened: 2006-12-31 01:54 0000
Description:
The file stardict-config.sh makes insecure use of the file "/tmp/fonts.dir"
without first checking to see if that file is a symlink.  This could allow for
the overwriting of arbitrary files on the filesystem when installing stardict.
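
The pattern described in the report beside a hardened form, as an added example that is not part of the original bug report or of stardict-config.sh. It runs in a throwaway sandbox directory standing in for /tmp; all function names, paths and file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (constructed names and sandbox; not from stardict-config.sh).

# Pattern from the report: a predictable name in a shared directory.
# The redirect follows whatever symlink already sits at that name.
write_fixed_name() {
    printf 'constructed font entry\n' > "$1/fonts.dir"
}

# Hardened form: mktemp -d creates a new mode-0700 directory with an
# unpredictable name (it fails rather than reuse an existing path), and the
# scratch file lives inside it. Prints the path written.
write_private() {
    work=$(mktemp -d "$1/stardict.XXXXXX") || return 1
    printf 'constructed font entry\n' > "$work/fonts.dir" || return 1
    printf '%s\n' "$work/fonts.dir"
}

# Sandbox standing in for /tmp: "shared" already holds a symlink named
# fonts.dir that points at a file which must not change.
make_sandbox() {
    sb=$(mktemp -d) || return 1
    mkdir "$sb/shared" "$sb/elsewhere" || return 1
    printf 'important\n' > "$sb/elsewhere/target"
    ln -s "$sb/elsewhere/target" "$sb/shared/fonts.dir"
    printf '%s\n' "$sb"
}

# Succeeds only if the protected file still has its original content.
target_intact() {
    [ "$(cat "$1/elsewhere/target")" = "important" ]
}

demo() {
    box=$(make_sandbox) || return 1
    write_fixed_name "$box/shared"
    target_intact "$box" || echo "fixed name: target overwritten via symlink"
    printf 'important\n' > "$box/elsewhere/target"   # restore for second run
    out=$(write_private "$box/shared") || return 1
    target_intact "$box" && echo "private dir: target intact, wrote $out"
    rm -rf "$box"
}
demo
```

On Linux the fs.protected_symlinks sysctl restricts following symlinks inside sticky world-writable directories such as /tmp, which limits this class of bug but does not replace creating scratch files with mktemp.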

------- Comment #1 From Sune Kloppenborg Jeppesen 2007-01-06 12:32:25 0000 -------
app-dicts please advise.

------- Comment #2 From Sune Kloppenborg Jeppesen 2007-03-25 10:43:57 0000 -------
app-dicts please advise.

------- Comment #3 From Kevin F. Quinn (RETIRED) 2007-03-26 06:50:18 0000 -------
I haven't seen anything from liquidx for a while, so I'll stick my nose in.

It seems the script is unused, legacy from versions 1.x, which are no longer in
the tree - so I've just removed it.

------- Comment #4 From Sune Kloppenborg Jeppesen 2007-03-26 08:10:37 0000 -------
Thx Kevin.

This one is ready for GLSA decision. I vote NO as the script itself seems
unused/uninstalled. Please correct me if I'm wrong.

------- Comment #5 From Raphael Marichez 2007-04-02 22:03:50 0000 -------
When it's not an everyday usage (contrary to an installation script for
example), I vote no. Closing, feel free to reopen if you disagree.