http://bugzilla.novell.com/show_bug.cgi?id=935338

Bug ID: 935338
Summary: dracut uses hardcoded /tmp/dracut_block_uuid.map filename - symlink attack
Classification: openSUSE
Product: openSUSE Factory
Version: 201505*
Hardware: Other
OS: openSUSE 13.2
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@suse.de
Reporter: suse-beta@cboltz.de
QA Contact: qa-bugs@suse.de
CC: sfalken@opensuse.org, trenn@suse.com
Found By: Beta-Customer
Blocker: ---

dracut uses /tmp/dracut_block_uuid.map as a hardcoded filename. This allows symlink attacks.

An attacker (local non-root user) can create /tmp/dracut_block_uuid.map as a symlink pointing to any file, and that file will be destroyed/overwritten when mkinitrd runs the next time.
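
The difference between the fixed name the report describes and a `mktemp`-created name, as an added example that is not dracut's code or its fix. The sandbox directory, the `protected` file and the function names are constructed for illustration; only the filename comes from the report.

```shell
# Added example, not dracut code. Everything runs inside a private sandbox
# directory that stands in for the shared /tmp.

MAP_NAME=dracut_block_uuid.map   # filename taken from the bug report

# Weak pattern: fixed name in a shared directory. ">" follows symlinks,
# so a link that already exists at that name redirects the write.
write_map_fixed() (
    echo "uuid map data" > "$1/$MAP_NAME"
)

# Hardened pattern: mktemp creates a new 0600 file with O_EXCL under an
# unpredictable suffix, so nothing that already exists is ever opened.
# Prints the path of the file it created.
write_map_mktemp() (
    map=$(mktemp "$1/$MAP_NAME.XXXXXX") || exit 1
    echo "uuid map data" > "$map"
    printf '%s\n' "$map"
)

# Build a sandbox holding a constructed "protected" file and a link to it
# at the predictable name, run one writer against the sandbox tmp dir,
# then print what the protected file contains afterwards.
run_case() (
    writer=$1
    box=$(mktemp -d) || exit 1
    mkdir "$box/tmp"
    echo "original content" > "$box/protected"
    ln -s "$box/protected" "$box/tmp/$MAP_NAME"
    "$writer" "$box/tmp" > /dev/null
    result=$(cat "$box/protected")
    rm -rf "$box"
    printf '%s\n' "$result"
)

echo "fixed name : $(run_case write_map_fixed)"
echo "mktemp name: $(run_case write_map_mktemp)"
```

On Linux kernels with `fs.protected_symlinks=1`, the real `/tmp` (sticky and world-writable) refuses to follow a link owned by another user; the sandbox directory here is not sticky, so the weak writer's behaviour stays visible.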