Re: many packages write to `temporary-file-directory' insecurely

[Al Petrofsky]

> From: "Stefan Monnier" <monnier+gnu/address@hidden>
> >    From: Colin Walters <address@hidden>
> > 
> > How do you share high-scores between users then? We do want to share
> > scores...
> 
> It's difficult to do it safely.

Is this sufficient?

   (let* ((scores-dir (expand-file-name "emacs-games-scores"
                                        temporary-file-directory))
          (scores-basename "snake-scores")
          (scores-file (expand-file-name scores-basename scores-dir))
          (temp (make-temp-file scores-basename)))
     (unwind-protect
         (progn 
           (write-region (point-min) (point-max) temp)
           (set-file-modes temp #o444)
           (condition-case nil
               (progn 
                 (make-directory scores-dir)
                 (set-file-modes scores-dir #o777))
             (error nil))
           (and (eq t (car (file-attributes scores-dir)))
                (rename-file temp scores-file t)))
       (condition-case nil
           (delete-file temp)
         (error nil))))

You might unwittingly overwrite the file named "snake-scores" in some
unknown directory if someone maliciously creates a /tmp/snake symlink
at just the right time, but that's not too bad.  (Maybe we should use
"/tmp/emacs-game-scores/this-file-name-is-not-used-for-any-important\
-file-in-any-directory-I-hope".)

> But in any case sharing should not be done via /tmp.
> We should instead define a `score-files-directory' which could default
> to "/var/games" or to "~/.emacs.d".

An advantage of using /tmp is that it exists on every (sane) system,
and does not require any help from the system administrator.

-al