http://bugzilla.novell.com/show_bug.cgi?id=571558 http://bugzilla.novell.com/show_bug.cgi?id=571558#c0 Summary: kiwi uses fixed path /tmp/config.xml in KIWIXML.pm Classification: openSUSE Product: openSUSE 11.2 Version: Final Platform: Other OS/Version: Other Status: NEW Severity: Major Priority: P5 - None Component: Other AssignedTo: ms@novell.com ReportedBy: mls@novell.com QAContact: qa@suse.de CC: adrian@novell.com Found By: --- Blocker: --- Kiwi has a hardcoded /tmp/config.xml in the xsltproc command call. This is bad because: - multiple running kiwi instances overwrite each others file - it's a security problem. someone can create a symlink from /tmp/config.xml to /etc/passwd - the file is not deleted after kiwi is done Please fix. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.