[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: many packages write to `temporary-file-directory' insecurely
From: |
Colin Walters |
Subject: |
Re: many packages write to `temporary-file-directory' insecurely |
Date: |
27 Mar 2002 18:46:39 -0500 |
On Wed, 2002-03-20 at 00:10, Richard Stallman wrote:
> And we should probably impose a limit of, say, 50 scores, and 200
> characters in a score line.
>
> Please avoid arbitrary limits such as those. The GNU coding standards
> say we should avoid arbitrary limits whenever possible.
My concern is that since Emacs is often used on large, multiuser
systems, many of which use disk quotas, a setgid program without any
limits on the files it creates would be a way for users to get around
their disk quotas.
> Other than that, it sounds like a good solution except that it should
> be more general, not limited to Emacs alone.
Ok, I've committed the C portion of the code to
lib-src/update-game-score.c. It's not enabled yet. Also, would be nice
if other people could give it a quick audit; I plan to do this more
thoroughly myself soonish.
- Re: many packages write to `temporary-file-directory' insecurely, (continued)
- Re: many packages write to `temporary-file-directory' insecurely, Richard Stallman, 2002/03/08
- Re: many packages write to `temporary-file-directory' insecurely, Colin Walters, 2002/03/10
- Re: many packages write to `temporary-file-directory' insecurely, Richard Stallman, 2002/03/11
- Re: many packages write to `temporary-file-directory' insecurely, Colin Walters, 2002/03/17
- Re: many packages write to `temporary-file-directory' insecurely, Richard Stallman, 2002/03/18
- Re: many packages write to `temporary-file-directory' insecurely, Colin Walters, 2002/03/18
- Re: many packages write to `temporary-file-directory' insecurely, Steve Kemp, 2002/03/18
- Re: many packages write to `temporary-file-directory' insecurely, Colin Walters, 2002/03/18
- Re: many packages write to `temporary-file-directory' insecurely, Pavel JanÃk, 2002/03/19
- Re: many packages write to `temporary-file-directory' insecurely, Richard Stallman, 2002/03/20
- Re: many packages write to `temporary-file-directory' insecurely,
Colin Walters <=
- Re: many packages write to `temporary-file-directory' insecurely, Richard Stallman, 2002/03/30
- Re: many packages write to `temporary-file-directory' insecurely, Stefan Monnier, 2002/03/06
- Re: many packages write to `temporary-file-directory' insecurely, Colin Walters, 2002/03/06
- Re: many packages write to `temporary-file-directory' insecurely, Richard Stallman, 2002/03/08
- Re: many packages write to `temporary-file-directory' insecurely, Colin Walters, 2002/03/08
- Re: many packages write to `temporary-file-directory' insecurely, Richard Stallman, 2002/03/09
Re: many packages write to `temporary-file-directory' insecurely, Richard Stallman, 2002/03/03
Re: many packages write to `temporary-file-directory' insecurely, Richard Stallman, 2002/03/03
Re: many packages write to `temporary-file-directory' insecurely, Richard Stallman, 2002/03/03