symlink attack vulnerability
libyzis is vulnerable to a symlink attack.
YDebugBackend writes to "/tmp/yzisdebug-$USER.log". If a malicious user creates a symlink there, he will be able to overwrite files owned by the user running yzis.
In 1.0-alpha1 yzis will exit with a segfault after overwriting the file with a file of zero length.
In latest hg sources yzis will continue working after overwriting the file with a file of zero length.
Updated by Adrian Friedli over 13 years ago
The return value of the file deletion is not being checked, so yzis goes happily on as before if the file can't be deleted. This is the case when the symlink doesn't belong to the user running yzis.
And maybe there is still a race condition, because there is a very small time between the deletion of the old file and the creation of the new file. You should have a look at QTemporaryFile and its function setAutoRemove. But this has the problem that you get one new file every time you run yzis.
The original bug reporter suggested not creating a logfile at all. This is what I did in the Debian package for a short-term fix.
Updated by Loïc P. over 13 years ago
- Assignee set to Loïc P.
I reworked the debug manager a bit (commit:3daf11bb08e1):
- if compiled with CMAKE_BUILD_TYPE=debug, we use a (persistent) log file managed by QTemporaryFile (named /tmp/yzis-$USER-XXXXXX.log)
- else no log file is created.
Logging may always be enabled through the command line using the --level=debug|warning|error|fatal and --debug-output=stderr|stdout|filename options.
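The two comments above describe the same problem from two angles: a predictable log path under /tmp that follows a planted symlink, and a delete-then-create sequence whose failure is never checked. The following C++ example is added here to illustrate both points; it is not yzis code and does not use Qt. The function names (openLogUnsafe, openLogSafe, removeStaleLog, createUniqueLog) are made up for this illustration, and the scratch directory, victim file and symlink it builds are constructed test fixtures. The unsafe open stands in for the old fixed-path behaviour; the hardened open uses O_EXCL|O_NOFOLLOW, and createUniqueLog uses mkstemps() (glibc/BSD), which creates a randomised name with O_CREAT|O_EXCL in the same way QTemporaryFile does for the naming scheme in the fix.

```cpp
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <cerrno>
#include <cstdio>
#include <cstdlib>
#include <fstream>
#include <string>
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

// Vulnerable pattern (for contrast): fixed, predictable path opened with
// truncation; a symlink at that path is silently followed.
int openLogUnsafe(const std::string &path) {
    return open(path.c_str(), O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

// Hardened open of a fixed path: O_NOFOLLOW refuses a symlink at the final
// component, O_EXCL refuses anything that already exists, so a file planted in
// advance can never be written through. Fails with EEXIST or ELOOP.
int openLogSafe(const std::string &path) {
    return open(path.c_str(), O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

// Delete a stale log and report the outcome instead of ignoring it. ENOENT is
// fine; EPERM/EACCES (e.g. a symlink owned by someone else in sticky /tmp)
// means the path is not ours and the caller must not write there.
bool removeStaleLog(const std::string &path) {
    if (unlink(path.c_str()) == 0) return true;
    return errno == ENOENT;
}

// Unique, atomically created log file: mkstemps() randomises the XXXXXX part
// and opens with O_CREAT|O_EXCL, so there is no delete/create window at all.
int createUniqueLog(const std::string &dir, const std::string &user, std::string &outPath) {
    std::string buf = dir + "/yzis-" + user + "-XXXXXX.log"; // mutable template
    int fd = mkstemps(&buf[0], 4);                             // 4 == strlen(".log")
    if (fd >= 0) outPath = buf;
    return fd;
}

// Constructed fixture: a private scratch directory plays the role of /tmp,
// victim.txt is the file an attacker would want clobbered, and
// yzisdebug-user.log is the planted symlink at the predictable log path.
struct Scenario { std::string dir, victim, logPath; };

Scenario makeScenario() {
    char tmpl[] = "/tmp/symlinkdemo-XXXXXX";
    const char *d = mkdtemp(tmpl);
    if (!d) { perror("mkdtemp"); std::exit(1); }
    Scenario s{d, std::string(d) + "/victim.txt", std::string(d) + "/yzisdebug-user.log"};
    { std::ofstream f(s.victim); f << "important data\n"; }   // 15 bytes
    if (symlink(s.victim.c_str(), s.logPath.c_str()) != 0) { perror("symlink"); std::exit(1); }
    return s;
}

void cleanup(const Scenario &s) {
    unlink(s.logPath.c_str()); unlink(s.victim.c_str()); rmdir(s.dir.c_str());
}

long fileSize(const std::string &p) {
    struct stat st;
    return stat(p.c_str(), &st) == 0 ? static_cast<long>(st.st_size) : -1;
}

// Victim size after the unsafe open: 0 means the symlink was followed and the
// victim truncated, which is exactly the reported bug.
long victimSizeAfterUnsafeOpen() {
    Scenario s = makeScenario();
    int fd = openLogUnsafe(s.logPath);
    if (fd >= 0) close(fd);
    long size = fileSize(s.victim);
    cleanup(s);
    return size;
}

// errno from the hardened open (non-zero expected); victim size is reported
// through the out-parameter and must be unchanged.
int safeOpenErrno(long *victimSize) {
    Scenario s = makeScenario();
    errno = 0;
    int fd = openLogSafe(s.logPath);
    int err = fd >= 0 ? 0 : errno;
    if (fd >= 0) close(fd);
    *victimSize = fileSize(s.victim);
    cleanup(s);
    return err;
}

// Checked deletion: first call removes our own symlink, second sees ENOENT.
bool removeStaleLogDemo() {
    Scenario s = makeScenario();
    bool ok = removeStaleLog(s.logPath) && removeStaleLog(s.logPath);
    cleanup(s);
    return ok;
}

// Unique-name creation yields a fresh, empty file matching the fix's pattern.
bool uniqueLogWorks() {
    Scenario s = makeScenario();
    std::string path;
    int fd = createUniqueLog(s.dir, "user", path);
    bool ok = fd >= 0 && path.compare(0, s.dir.size() + 11, s.dir + "/yzis-user-") == 0
              && path.compare(path.size() - 4, 4, ".log") == 0 && fileSize(path) == 0;
    if (fd >= 0) { close(fd); unlink(path.c_str()); }
    cleanup(s);
    return ok;
}
```

Note that the fixture deliberately uses a private, non-sticky directory so the symlink is followed: on a Linux system with fs.protected_symlinks=1 (the default since kernel 3.6), following a symlink in a world-writable sticky directory such as /tmp is refused unless the follower owns the link or the directory, which already blunts this class of attack without any application change. Checking the return value of the deletion, or better avoiding the delete/create window entirely with an O_EXCL-based creation as QTemporaryFile does, is still the right fix in the application.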