While fuzzing the library, as described in #4, I noticed the usage of /tmp/GDSIIConvert.log. This isn't good, for two reasons:
- it's a "temporary file of predictable name", in a shared directory which is world-writable in some setups. This is usually considered a vulnerability, for reasons that the Internet explains better than I do;
- GDSIIConvert writes enough data there to fill gigabytes in several hours, filling up my HDD... not good, I simply put a `rm; sleep` invocation in a loop to fix that, but that's ugly :)
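One way to address both points raised in the issue, as an added example that is not part of the original report and not the library's own code: the log gets an unpredictable name created exclusively with owner-only permissions, and writes stop at a size cap. The `capped_log_*` names, the `gdsiiconvert-` prefix and the cap value are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

struct capped_log { int fd; size_t written; size_t cap; char path[256]; };

/* mkstemp() picks an unpredictable name and creates the file with O_EXCL,
 * so a file or symlink planted in advance by another user is never opened. */
int capped_log_open(struct capped_log *l, const char *dir, size_t cap)
{
    int n = snprintf(l->path, sizeof l->path, "%s/gdsiiconvert-XXXXXX", dir);
    if (n < 0 || (size_t)n >= sizeof l->path) { errno = ENAMETOOLONG; return -1; }
    if ((l->fd = mkstemp(l->path)) < 0) return -1;
    /* Force owner-only access even on a libc whose mkstemp() is laxer. */
    if (fchmod(l->fd, S_IRUSR | S_IWUSR) != 0) {
        close(l->fd); unlink(l->path); return -1;
    }
    l->written = 0;
    l->cap = cap;
    return 0;
}

/* Returns bytes written; output is truncated at the cap and 0 is returned
 * once the cap is reached, so the log cannot fill the disk. */
ssize_t capped_log_write(struct capped_log *l, const char *msg)
{
    size_t len = strlen(msg);
    if (l->written >= l->cap) return 0;
    if (len > l->cap - l->written) len = l->cap - l->written;
    ssize_t w = write(l->fd, msg, len);
    if (w > 0) l->written += (size_t)w;
    return w;
}

void capped_log_close(struct capped_log *l, int keep)
{
    close(l->fd);
    if (!keep) unlink(l->path);   /* drop the file unless the caller wants it */
}

int main(void)
{
    const char *dir = getenv("TMPDIR");          /* assumed: per-user dir if set */
    struct capped_log l;
    if (capped_log_open(&l, dir ? dir : "/tmp", 1024 * 1024) != 0) return 1;
    capped_log_write(&l, "conversion started\n"); /* constructed sample line */
    capped_log_close(&l, 0);
    return 0;
}
```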