| Description: | openhpi ships with the /var/lib/openhpi/ directory set world-readable and world-writable. If this directory is used for storing the OPENHPI_UID_MAP or other openhpi data, for example, an attacker would be able to view, modify and delete it. Even without such usage, an attacker could use the directory to fill up the storage hosting the /var/lib/ directory if quotas are not properly set.
|