You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
While fuzzing the library, as described in #4, I noticed the usage of /tmp/GDSIIConvert.log. This isn't good, for two reasons:
it's a "temporary file of predictable name", in a shared directory which is world-writable in some setups. This is usually considered a vulnerability, for reasons that the Internet explains better than I do;
GDSIIConvert writes enough data there to fill gigabytes in several hours, filling up my HDD... not good, I simply put a rm; sleep invocation in a loop to fix that, but that's ugly :)
The text was updated successfully, but these errors were encountered:
While fuzzing the library, as described in #4, I noticed the usage of /tmp/GDSIIConvert.log. This isn't good, for two reasons:
rm; sleepinvocation in a loop to fix that, but that's ugly :)The text was updated successfully, but these errors were encountered: