emacs-devel

Re: many packages write to `temporary-file-directory' insecurely


From: Pavel Janík
Subject: Re: many packages write to `temporary-file-directory' insecurely
Date: Sat, 02 Mar 2002 12:52:51 +0100
User-agent: Gnus/5.090006 (Oort Gnus v0.06) Emacs/21.2.50 (i386-suse-linux-gnu)

   From: Colin Walters <address@hidden>
   Date: 28 Feb 2002 20:15:51 -0500

   > I discovered a security problem with M-x snake, and a number of other
   > packages. For example, snake writes "snake-scores" to
   > `temporary-file-directory' (which defaults to /tmp on my system).  If an
   > attacker creates a symlink /tmp/snake-scores -> /home/luser/.bashrc, and
   > "luser" later runs M-x snake, then their .bashrc will be happily
   > overwritten with their snake scores.  Try it.

The problem is actually in gamegrid.el's gamegrid-add-score. We should not
write to the file if it is a symlink or hard link. Am I right?

--- gamegrid.el.~1.4.~  Wed Feb  6 13:39:50 2002
+++ gamegrid.el Sat Mar  2 12:51:15 2002
@@ -405,26 +405,29 @@
 ;; ;;;;;;;;;;;;;;; high score functions ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
 (defun gamegrid-add-score (file score)
-  "Add the current score to the high score file."
-  (save-excursion
-  (find-file-other-window file)
-  (setq buffer-read-only nil)
-  (goto-char (point-max))
-  (insert (format "%05d\t%s\t%s <%s>\n"
-                 score
-                 (current-time-string)
-                 (user-full-name)
-                 (cond ((fboundp 'user-mail-address)
-                        (user-mail-address))
-                       ((boundp 'user-mail-address)
-                        user-mail-address)
-                       (t ""))))
-  (sort-numeric-fields 1 (point-min) (point-max))
-    (reverse-region (point-min) (point-max))
-  (goto-line (1+ gamegrid-score-file-length))
-  (delete-region (point) (point-max))
-  (setq buffer-read-only t)
-    (save-buffer)))
+  "Add the current score to the high score file.
+If the high score file is a symlink or hard link, do nothing."
+  (unless (or (file-symlink-p file)
+             (> (or (file-nlinks file) 0) 1))
+    (save-excursion
+      (find-file-other-window file)
+      (setq buffer-read-only nil)
+      (goto-char (point-max))
+      (insert (format "%05d\t%s\t%s <%s>\n"
+                     score
+                     (current-time-string)
+                     (user-full-name)
+                     (cond ((fboundp 'user-mail-address)
+                            (user-mail-address))
+                           ((boundp 'user-mail-address)
+                            user-mail-address)
+                           (t ""))))
+      (sort-numeric-fields 1 (point-min) (point-max))
+      (reverse-region (point-min) (point-max))
+      (goto-line (1+ gamegrid-score-file-length))
+      (delete-region (point) (point-max))
+      (setq buffer-read-only t)
+      (save-buffer))))
 
 ;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
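Review bot: the guard added at the top of gamegrid-add-score, `(unless (or (file-symlink-p file) (> (or (file-nlinks file) 0) 1))`, is a check-then-use test. The link status of `file` is examined once, and `find-file-other-window` and `save-buffer` then reopen the same path by name, so a link placed at that name after the check and before the save is still followed. The `(or (file-nlinks file) 0)` fallback also lets the body run when `file-nlinks` returns nil, which covers the case where the name in the shared directory is not yet taken by this user. Testing the path does not close the hole while the file lives in a world-writable directory; consider writing the score file under a directory only the user can write to. Separately, when the guard does fire the function returns silently: the docstring says "do nothing", so the user gets no indication that the score was dropped or that a suspicious link exists. A `message` or a signalled error in that branch would make the refusal visible.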

-- 
Pavel Janík

die_if_kernel("Whee... Hello Mr. Penguin", current->tss.kregs);
                  -- 2.2.16 arch/sparc/kernel/traps.c


