[tor-bugs] #10641 [Flashproxy]: flashproxy writes temporary certificate files outside of TOR_PT_STATE_LOCATION
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Jan 17 06:21:03 UTC 2014
#10641: flashproxy writes temporary certificate files outside of
TOR_PT_STATE_LOCATION
------------------------+---------------------
Reporter: dcf | Owner: dcf
Type: defect | Status: new
Priority: minor | Milestone:
Component: Flashproxy | Version:
Keywords: | Actual Points:
Parent ID: | Points:
------------------------+---------------------
flashproxy/keys.py
[https://gitweb.torproject.org/flashproxy.git/blob/744617d8928cf097d9f1f0c0ae3b0b136895bffb:/flashproxy/keys.py#l77
uses]
[https://gitweb.torproject.org/flashproxy.git/commitdiff/1e541947c32f8d390b5df1cc1c42928e7c058dd5
tempfile.NamedTemporaryFile] without the `dir` argument, meaning that
files will be saved to some system-wide temporary directory. Even though
the files are immediately deleted, we should not write anything outside of
TOR_PT_STATE_LOCATION.
Behavior changed in
[https://gitweb.torproject.org/flashproxy.git/commitdiff/1e541947c32f8d390b5df1cc1c42928e7c058dd5
1e541947c32f8d390b5df1cc1c42928e7c058dd5]. Before that, the
`get_state_dir` function was used to find out where to save the temporary
file.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10641>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list