Sorry for the slow reply, I wasn't Cc'd so I didn't see your reply.

> Did you request a CVE for it already?

No, I did not.

> make me believe that the trust boundaries are not crossed here, thus
> I suppose it will be tracked as a security hardening issue, and not a
> flaw.
> What do you think?

I suspect this program is only useful on a desktop system, and such systems might have multiple users. On that basis the flaw could allow user "a" to truncate/destroy files belonging to user "b", which is a boundary-cross. Unless I misunderstand how you use the term?

I think that traditionally insecure uses of temporary files are tracked as security issues even if in practice they'll never be exploited, e.g.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2524

Steve

