[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: many packages write to `temporary-file-directory' insecurely

From: Richard Stallman
Subject: Re: many packages write to `temporary-file-directory' insecurely
Date: Sun, 3 Mar 2002 07:39:30 -0700 (MST)

    The problem is actually in gamegrid.el's gamegrid-add-score. We should not
    write to file if it is symlink or hard link. Am I right?

That is not guaranteed to prevent the problem, since someone could
create a symlink in between the testing and the writing.

It seems to me that we should always use make-temp-file for writing
into /tmp.  For now, I changed snake.el to specify a file in your
home dir.  It could also be a file in /var, if someone set up the file
in advance to make sure it can't be deleted, just edited.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]