A vulnerability in the go-gnome pre-installer allows non-root users
to exploit world-writable permissions in /tmp, permitting files
normally only accessible by root to be overwritten.
The go-gnome pre-installer uses a few rather predictable filenames
in /tmp for uudecode, snarf, and the installer files. If one (or
more) of those files already exist with a symbolic link created by
a malicious user, the files pointed to by those links will be
The go-gnome pre-installer has been updated on the main Helix Code
mirror and go-gnome.com. This new version fixes this vulnerability
by storing files in /var/cache/helix-install, which is writable
only by root.
A new version of the go-gnome pre-installer is available
immediately from Helix Code, Inc. at go-gnome.com: http://go-gnome.com
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.