[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: many packages write to `temporary-file-directory' insecurely

From: Colin Walters
Subject: Re: many packages write to `temporary-file-directory' insecurely
Date: 03 Mar 2002 23:50:26 -0500

On Sun, 2002-03-03 at 23:08, Richard Stallman wrote:
> I fixed most of the uses of make-temp-name to use make-temp-file
> instead.  I did not fix Gnus, and I asked maintainers of certain files
> to fix those files.

Well, you have to look carefully, because not all uses of
`make-temp-name' are insecure.  If you create a new temporary
subdirectory that is not world-writable, and then create files inside of
there, you're fine (as, for example, gnus-uu.el appears to do). 
However, it is still probably better to use `make-temp-file' regardless,
but Gnus probably has to consider portability between Emacsen.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]