Re: many packages write to `temporary-file-directory' insecurely

From: Richard Stallman
Subject: Re: many packages write to `temporary-file-directory' insecurely
Date: Tue, 5 Mar 2002 14:58:30 -0700 (MST)

    The catch is that if someone has made /tmp/emacs-game-scores a
    symbolic link to one of our directories, then we could overwrite the
    file named snake-scores in that directory.

I see there is no way to fix that--the user that owns the directory
could always delete it and replace it with a link at just the wrong time.

But /tmp is the wrong place for score files anyway.

    The point of (set-file-modes temp #o444) is to ensure the file is
    world-readable, in case the user has a paranoid umask.  Making the
    file non-writable is not necessary.

For a score file, it's a bug, isn't it?
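
An added example, not part of the original message or of Emacs: a POSIX sketch in Python of a writer that refuses a score directory which is a symbolic link or is not owned solely by the calling user, then creates the file relative to the already-checked directory descriptor with an explicit mode. The function names, the sample layout built in `demo()` and the 0o644 mode are assumptions made for illustration.

```python
import os
import stat
import tempfile

class UnsafeScoreDir(Exception):
    """The score directory is a symlink, not ours, or writable by others."""

def open_score_dir(path):
    """Open path as a directory fd, refusing symlinks and foreign owners."""
    try:
        # O_NOFOLLOW rejects a symlink as last component; O_DIRECTORY a non-dir.
        fd = os.open(path, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    except OSError as exc:
        raise UnsafeScoreDir(f"{path}: {exc.strerror}") from exc
    st = os.fstat(fd)  # inspects the object actually opened, not the name
    if st.st_uid != os.geteuid() or st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        os.close(fd)
        raise UnsafeScoreDir(f"{path}: not exclusively owned by this user")
    return fd

def write_score(dir_path, name, data, mode=0o644):
    """Write data to name, resolved relative to the checked directory fd."""
    dirfd = open_score_dir(dir_path)
    try:
        flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW
        fd = os.open(name, flags, mode, dir_fd=dirfd)
        with os.fdopen(fd, "wb") as f:
            f.write(data)
            os.fchmod(f.fileno(), mode)  # explicit mode, independent of umask
    finally:
        os.close(dirfd)

def demo():
    """Constructed layout: one symlinked score dir and one private one."""
    base = tempfile.mkdtemp()
    victim = os.path.join(base, "victim")
    os.mkdir(victim, 0o700)
    link = os.path.join(base, "emacs-game-scores")
    os.symlink(victim, link)  # the situation described in the quoted text
    try:
        write_score(link, "snake-scores", b"100\n")
        refused = False
    except UnsafeScoreDir:
        refused = True
    good = os.path.join(base, "scores")
    os.mkdir(good, 0o700)
    write_score(good, "snake-scores", b"100\n")
    file_mode = stat.S_IMODE(os.stat(os.path.join(good, "snake-scores")).st_mode)
    return refused, os.listdir(victim), file_mode
```

The ownership check is made with `fstat` on the open descriptor and the file is created with `dir_fd`, so a later change to what the directory name points at does not redirect the write.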
