Source: ngraph-gtk Version: 6.06.13-4.1 Tags: security
ngraph-gtk's debian/rules exports XDG_RUNTIME_DIR=/tmp. But $XDG_RUNTIME_DIR is not supposed to be world-writable. On the contrary, the XDG Base Directory Specification says: “The directory MUST be owned by the user, and he MUST be the only one having read and write access to it. Its Unix access mode MUST be 0700.”
-- Jakub Wilk -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
