Code review comment for lp:~chipaca/snap-confine/unshare

Revision history for this message
Tyler Hicks (tyhicks) wrote :

Note that the above issue is due to two things:

1) Predictable directory names used in /tmp
2) Continuing if mkdir(2) returns an error with errno set to EEXIST

This allows attackers to create symlinks in /tmp that the launcher follows.

« Back to merge proposal