Severity |
|
Remote |
|
Type |
+ |
Access restriction bypass |
|
Description |
+ |
The socket placed in /tmp by pcmanfm is predictable and public-writable. Therefore if one user placed a symlink to another socket instead of socket for another user then said another user will either be unable to use pcmanfm, or may send requests to the first user's pcmanfm. |
|
References |
+ |
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862571 |
+ |
https://git.lxde.org/gitweb/?p=lxde/pcmanfm.git;a=commitdiff;h=bc8c3d871e9ecc67c47ff002b68cf049793faf08 |
|
Notes |
|