Re: backup method

emacs-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: backup method

From:	David Kastrup
Subject:	Re: backup method
Date:	Thu, 03 Feb 2005 10:27:24 +0100
User-agent:	Gnus/5.11 (Gnus v5.11) Emacs/21.3.50 (gnu/linux)

Richard Stallman <address@hidden> writes:

>     Any reason why you didn't use make-temp-file?
>
> make-temp-file creates the file empty.  Between that and writing the
> data into it, someone else could delete the file and put in a symlink.

The permissions in world-writable temp directories are almost always
1777 which means that nobody but the owner can delete such a file.
Symlink attacks are only possible when the file name can be guessed by
an outside attacker _before_ the file is created.

It is probably just prehistoric and/or misconfigured systems (and
Windows?) where anybody can delete a file from somebody else in
temporary directories.

-- 
David Kastrup, Kriemhildstr. 15, 44793 Bochum

[Prev in Thread]

Current Thread

[Next in Thread]

Re: backup method, Richard Stallman, 2005/02/01
- Re: backup method, Stefan Monnier, 2005/02/01
  - Re: backup method, Richard Stallman, 2005/02/03
    - Re: backup method, David Kastrup <=
    - Re: backup method, Han Boetes, 2005/02/03
    - Re: backup method, Richard Stallman, 2005/02/05
    - Re: backup method, David Kastrup, 2005/02/05
    - Re: backup method, Richard Stallman, 2005/02/06

Prev by Date: Re: Customize buttons that change user's custom fileshouldaskforconfirmation
Next by Date: [Ali "Çehreli"] Fwd: Translating TUTORIAL to Turkish
Previous by thread: Re: backup method
Next by thread: Re: backup method
Index(es):
- Date
- Thread