Created attachment 199413
place portmasterfail.txt in ~
When building/upgrading ports via portmaster fails, it will place a list of failed ports in /tmp/portmasterfail.txt.
Not only is this file created world-readable, any local user may create a symlink attack with it.
I recommend placing portmasterfail.txt in $HOME.
with kind regards,
A commit references this bug:
Date: Sun Jan 26 20:22:33 UTC 2020
New revision: 524231
Save the file with instructions on how to restart portmaster after a failure
to a non-world-writable directory.
Save this file in the user's home directory instead of in /tmp to prevent
a possible sym-link attack against the user.
Submitted by: Robert Schulze
Approved by: antoine (implicit)
Fixed as suggested.
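
The approach discussed in this thread (a private file under the user's home directory instead of a predictable name in /tmp), as an added example that is not portmaster's code and not part of the committed revision. The helper name `save_fail_list` and its checks are assumptions; only the file name portmasterfail.txt comes from the report.

```shell
#!/bin/sh
# Added illustration, not portmaster's code. save_fail_list is a hypothetical
# helper; only the file name portmasterfail.txt comes from the bug report.
# Usage: list_failed_ports | save_fail_list "$HOME"

save_fail_list() {
    dir=$1
    target="$dir/portmasterfail.txt"

    [ -d "$dir" ] || { echo "save_fail_list: $dir is not a directory" >&2; return 1; }

    # Refuse a directory that group or others can write to (such as /tmp):
    # another local user could plant a link at the predictable name first.
    if [ -n "$(find "$dir/." -prune \( -perm -0020 -o -perm -0002 \) -print)" ]; then
        echo "save_fail_list: $dir is writable by other users" >&2
        return 1
    fi

    # Refuse anything at the target that is a symlink or not a regular file,
    # so the write can never land on whatever a link points to.
    if [ -L "$target" ] || { [ -e "$target" ] && [ ! -f "$target" ]; }; then
        echo "save_fail_list: $target is not a regular file" >&2
        return 1
    fi

    (
        umask 077    # created 0600, not world-readable
        tmp=$(mktemp "$dir/.portmasterfail.XXXXXX") || exit 1
        # Write the list from stdin to a private, unpredictable name, then
        # rename it into place so readers never see a partial file.
        if cat > "$tmp" && mv -f "$tmp" "$target"; then
            exit 0
        fi
        rm -f "$tmp"
        exit 1
    )
}
```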