[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: many packages write to `temporary-file-directory' insecurely

From: Colin Walters
Subject: Re: many packages write to `temporary-file-directory' insecurely
Date: 27 Mar 2002 18:46:39 -0500

On Wed, 2002-03-20 at 00:10, Richard Stallman wrote:
>     And we should probably impose a limit of, say, 50 scores, and 200
>     characters in a score line.
> Please avoid arbitrary limits such as those.  The GNU coding standards
> say we should avoid arbitrary limits whenever possible.

My concern is that since Emacs is often used on large, multiuser
systems, many of which use disk quotas, a setgid program without any
limits on the files it creates would be a way for users to get around
their disk quotas.  

> Other than that, it sounds like a good solution except that it should
> be more general, not limited to Emacs alone.

Ok, I've committed the C portion of the code to
lib-src/update-game-score.c.  It's not enabled yet.  Also, would be nice
if other people could give it a quick audit; I plan to do this more
thoroughly myself soonish.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]