Re: many packages write to `temporary-file-directory' insecurely

emacs-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: many packages write to `temporary-file-directory' insecurely

From:	Richard Stallman
Subject:	Re: many packages write to `temporary-file-directory' insecurely
Date:	Tue, 5 Mar 2002 14:58:30 -0700 (MST)

    The catch is that if someone has made /tmp/emacs-game-scores a
    symbolic link to one of our directories, then we could overwrite the
    file named snake-scores in that directory.

I see there is no way to fix that--the user that owns the directory
could always delete it and replace it with a link at just the wrong time.

But /tmp is the wrong place for score files anyway.

    The point of (set-file-modes temp #o444) is to ensure the file is
    world-readable, in case the user has a paranoid umask.  Making the
    file non-writable is not necessary.

For a score file, it's a bug, isn't it?

[Prev in Thread]

Current Thread

[Next in Thread]

Re: many packages write to `temporary-file-directory' insecurely, Pavel Janík, 2002/03/02
- Re: many packages write to `temporary-file-directory' insecurely, Colin Walters, 2002/03/02
  - Re: many packages write to `temporary-file-directory' insecurely, Pavel Janík, 2002/03/02
    - Re: many packages write to `temporary-file-directory' insecurely, Stefan Monnier, 2002/03/03
    - Re: many packages write to `temporary-file-directory' insecurely, Al Petrofsky, 2002/03/03
    - Re: many packages write to `temporary-file-directory' insecurely, Stefan Monnier, 2002/03/03
    - Re: many packages write to `temporary-file-directory' insecurely, Richard Stallman, 2002/03/04
    - Re: many packages write to `temporary-file-directory' insecurely, Al Petrofsky, 2002/03/04
    - Re: many packages write to `temporary-file-directory' insecurely, Stefan Monnier, 2002/03/05
    - Re: many packages write to `temporary-file-directory' insecurely, Al Petrofsky, 2002/03/05
    - Re: many packages write to `temporary-file-directory' insecurely, Richard Stallman <=
    - Re: many packages write to `temporary-file-directory' insecurely, Richard Stallman, 2002/03/04
    - Re: many packages write to `temporary-file-directory' insecurely, Colin Walters, 2002/03/04
    - Re: many packages write to `temporary-file-directory' insecurely, Andreas Schwab, 2002/03/05
    - Re: many packages write to `temporary-file-directory' insecurely, Stefan Monnier, 2002/03/05
    - Re: many packages write to `temporary-file-directory' insecurely, Richard Stallman, 2002/03/05
    - Re: many packages write to `temporary-file-directory' insecurely, Colin Walters, 2002/03/05
    - Re: many packages write to `temporary-file-directory' insecurely, Colin Walters, 2002/03/06
    - Re: many packages write to `temporary-file-directory' insecurely, Stefan Monnier, 2002/03/06
    - Re: many packages write to `temporary-file-directory' insecurely, Colin Walters, 2002/03/06
    - Re: many packages write to `temporary-file-directory' insecurely, Eli Zaretskii, 2002/03/07

Prev by Date: Re: Should invisible imply intangible?
Next by Date: Re: Should customizing default-frame-alist change existing frames?
Previous by thread: Re: many packages write to `temporary-file-directory' insecurely
Next by thread: Re: many packages write to `temporary-file-directory' insecurely
Index(es):
- Date
- Thread