Historical bug tracker for the Pacman package manager.
The pacman bug tracker has moved to gitlab:
https://gitlab.archlinux.org/pacman/pacman/-/issues
This tracker remains open for interaction with historical bugs during the transition period. Any new bugs reports will be closed without further action.
The pacman bug tracker has moved to gitlab:
https://gitlab.archlinux.org/pacman/pacman/-/issues
This tracker remains open for interaction with historical bugs during the transition period. Any new bugs reports will be closed without further action.
FS#774 - gensync uses temp directory insecurely
Attached to Project:
Pacman
Opened by Oliver Burnett-Hall (olly-bh) - Saturday, 17 April 2004, 20:16 GMT
Last edited by Judd Vinet (judd) - Sunday, 18 April 2004, 18:14 GMT
Opened by Oliver Burnett-Hall (olly-bh) - Saturday, 17 April 2004, 20:16 GMT
Last edited by Judd Vinet (judd) - Sunday, 18 April 2004, 18:14 GMT
|
Detailsgensync always uses /tmp/.gensync/ to build the repository database.
As the directory name is entirely predictable this is not secure - e.g. one user can stop another from using gensync by creating a file /tmp/.gensync. The attached patch fixes this by using a random name for the temp directory. It will also mean the temporary directory goes in $TMPDIR if this is different from /tmp. - olly 
gensync.patch
|
This task depends upon