[Tails-dev] [review'n'merge:1.4.1] liveusb-creator:bugfix/93…

Delete this message

Reply to this message
Autor: intrigeri
Data:  
Dla: tails-dev
Temat: [Tails-dev] [review'n'merge:1.4.1] liveusb-creator:bugfix/9349-safer-error-logging
Hi,

Tails Installer logs error from subprocesses to
/tmp/liveusb-creator.log. That's a well-known name in a world-writable
location, so leaves room for some kinds of attacks e.g.
arbitrary file modification. The proposed branch fixes that.

Note that I did not build a Debian package, but tested it by patching
the code in a live Tails (and adding a line to creator.py so that it
logs even on success).

Assigning to anonym, since our usual other review'n'mergers are
apparently not available these days.

Cheers,
--
intrigeri