[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: many packages write to `temporary-file-directory' insecurely

From: Richard Stallman
Subject: Re: many packages write to `temporary-file-directory' insecurely
Date: Mon, 4 Mar 2002 16:40:59 -0700 (MST)

    We should instead define a `score-files-directory' which could default
    to "/var/games" or to "~/.emacs.d".

That seems like a reasonable approach.
Would someone like to do it?

If /var/games is treated just like /tmp, meaning anyone can create a
file in it, then it will raise the same security issues as /tmp.  We
could perhaps use the code that Al Petrovsky sent, if that is correct.

Or we could say that the files should be created by root during
installation, and that /var/games should not allow anyone but root to
create files.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]