Pithos does not start (due to permission error)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Pithos |
Fix Released
|
High
|
Unassigned |
Bug Description
VERSION:
Newest ppa Pithos with ubuntu 10.4 64bit.
PROBLEM:
When permissions on pre-existing /tmp/pithos.
IOError: [Errno 13] Permission denied: '/tmp/pithos.
WORKAROUND:
When one either deletes /tmp/pithos.
HOW TO REPRODUCE:
It can be done one of two ways. Either change the owner of the /tmp/pithos.
1) Start a second ubuntu account
2) Run pithos (init /tmp/pithos.
3) Change accounts
4) Attempt to run pithos.
SUGGESTIONS ON FIXING:
Make each debug.log unique to each user of pithos. Just attempting to clean up the data on Pithos closing is inadequate due to the fact that pithos can be killall'd.
Hope this helps, big respect to Pithos software. Finally got me listening to Pandora again!
Related branches
CVE References
Changed in pithos: | |
status: | New → Confirmed |
importance: | Undecided → High |
Changed in pithos: | |
status: | Confirmed → In Progress |
Changed in pithos: | |
status: | In Progress → Fix Committed |
Changed in pithos: | |
status: | Fix Committed → Fix Released |
Btw, having predictable filenames in /tmp/ can be *really* bad.
Attack vector: Mallory links /tmp/pithos. debug.log to ~/.gnupg/ secring. gpg. If Pithos doesn't do a lot of checking, it'll overwrite your secret key on start.
I'd use tempfile. mkstemp( prefix= "pithos- debug-" , suffix=".log"), or store logs in a subdirectory of ~.