Note that the above issue is due to two things:
1) Predictable directory names used in /tmp 2) Continuing if mkdir(2) returns an error with errno set to EEXIST
This allows attackers to create symlinks in /tmp that the launcher follows.
« Back to merge proposal
Note that the above issue is due to two things:
1) Predictable directory names used in /tmp
2) Continuing if mkdir(2) returns an error with errno set to EEXIST
This allows attackers to create symlinks in /tmp that the launcher follows.