Tech Debt: possible symlink attack
Bug #1471376 reported by
Sam Yaple
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
kolla |
Fix Released
|
Critical
|
Sam Yaple |
Bug Description
https:/
The procedure here adds content to a file in /tmp with a static name. This file is not verifed to exist in a secure manner.
Changed in kolla: | |
status: | New → Triaged |
importance: | Undecided → Critical |
milestone: | none → liberty-2 |
Changed in kolla: | |
assignee: | nobody → Sam Yaple (s8m) |
status: | Triaged → In Progress |
Changed in kolla: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
This page gives details on how to use temporary files securely. /ci.openstack. org/guidelines/ dg_using- temporary- files-securely. html
https:/