[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: many packages write to `temporary-file-directory' insecurely
From: |
Richard Stallman |
Subject: |
Re: many packages write to `temporary-file-directory' insecurely |
Date: |
Tue, 5 Mar 2002 14:58:30 -0700 (MST) |
The catch is that if someone has made /tmp/emacs-game-scores a
symbolic link to one of our directories, then we could overwrite the
file named snake-scores in that directory.
I see there is no way to fix that--the user that owns the directory
could always delete it and replace it with a link at just the wrong time.
But /tmp is the wrong place for score files anyway.
The point of (set-file-modes temp #o444) is to ensure the file is
world-readable, in case the user has a paranoid umask. Making the
file non-writable is not necessary.
For a score file, it's a bug, isn't it?
- Re: many packages write to `temporary-file-directory' insecurely, Pavel Janík, 2002/03/02
- Re: many packages write to `temporary-file-directory' insecurely, Colin Walters, 2002/03/02
- Re: many packages write to `temporary-file-directory' insecurely, Pavel Janík, 2002/03/02
- Re: many packages write to `temporary-file-directory' insecurely, Stefan Monnier, 2002/03/03
- Re: many packages write to `temporary-file-directory' insecurely, Al Petrofsky, 2002/03/03
- Re: many packages write to `temporary-file-directory' insecurely, Stefan Monnier, 2002/03/03
- Re: many packages write to `temporary-file-directory' insecurely, Richard Stallman, 2002/03/04
- Re: many packages write to `temporary-file-directory' insecurely, Al Petrofsky, 2002/03/04
- Re: many packages write to `temporary-file-directory' insecurely, Stefan Monnier, 2002/03/05
- Re: many packages write to `temporary-file-directory' insecurely, Al Petrofsky, 2002/03/05
- Re: many packages write to `temporary-file-directory' insecurely,
Richard Stallman <=
- Re: many packages write to `temporary-file-directory' insecurely, Richard Stallman, 2002/03/04
- Re: many packages write to `temporary-file-directory' insecurely, Colin Walters, 2002/03/04
- Re: many packages write to `temporary-file-directory' insecurely, Andreas Schwab, 2002/03/05
- Re: many packages write to `temporary-file-directory' insecurely, Stefan Monnier, 2002/03/05
- Re: many packages write to `temporary-file-directory' insecurely, Richard Stallman, 2002/03/05
- Re: many packages write to `temporary-file-directory' insecurely, Colin Walters, 2002/03/05
- Re: many packages write to `temporary-file-directory' insecurely, Colin Walters, 2002/03/06
- Re: many packages write to `temporary-file-directory' insecurely, Stefan Monnier, 2002/03/06
- Re: many packages write to `temporary-file-directory' insecurely, Colin Walters, 2002/03/06
- Re: many packages write to `temporary-file-directory' insecurely, Eli Zaretskii, 2002/03/07