Vulnerable tmpdir handling (CVE-2025-71176) - Issue opened on Aug 24, 2025 - Labels: plugin: tmpdir, status: help wanted Key points mentioned in the issue: - The current implementation creates a predictable temporary directory based on the username ( ), which is vulnerable to symlink and TOCTOU (Time-Of-Check to Time-Of-Use) attacks. - The directory permissions check can be bypassed if an attacker pre-creates the directory or changes its ownership. - Even with Linux protections like and , these are not enabled by default and not POSIX compliant, leaving room for vulnerabilities. - Suggested improvements include using Python’s or for secure, random directories and avoiding manual ownership checks. Discussion highlights: - The predictable base directory is a known feature but presents security risks. - Using environment variables for tmpdir customization adds complexity. - Race conditions and permission issues persist across reboots and in shared environments. - The issue affects primarily multi-user systems, but precautions should be taken in all setups. Labels and status: - The issue is tagged as "plugin: tmpdir" and "status: help wanted," indicating it requires further attention and possibly a contribution.