Skip to content
This repository has been archived by the owner on Jun 16, 2020. It is now read-only.

Insecure use of /tmp #12

Closed
jwilk opened this issue Jul 3, 2018 · 2 comments
Closed

Insecure use of /tmp #12

jwilk opened this issue Jul 3, 2018 · 2 comments
Labels
bug Something isn't working

Comments

@jwilk
Copy link
Contributor

jwilk commented Jul 3, 2018

When you use the --verbose, termtosvg happily writes to /tmp/termtosvg.log, even when it already exists and is owned by someone else.

Please refuse the temptation to use /tmp for things that are not actually temporary files.
@nbedos nbedos added the bug Something isn't working label Jul 3, 2018
nbedos added a commit that referenced this issue Jul 3, 2018
@nbedos
Use temporary file for logging (issue #12)
04c5dc0
@nbedos
Copy link
Owner

nbedos commented Jul 3, 2018
edited

Thanks for the report! I've written a fix which will be included in the next release. I will close the issue when the release is available on pypi.

@nbedos
Copy link
Owner

nbedos commented Jul 8, 2018

This is now fixed in version 0.4.0. See https://github.com/nbedos/termtosvg/releases/tag/0.4.0

@nbedos nbedos closed this as completed Jul 8, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jwilk @nbedos