[Texmacs-dev] Re: [Bug #1789] temporary files are created in an insecure way

[Joris van der Hoeven]

> Changes by: Igor V. Kovalenko <address@hidden>
> Date: 2003-Feb-13 00:54 (Europe/Moscow)
> 
> ------------------ Additional Follow-up Comments ----------------------------
> Well, this is a way brute force attack works.
> I can suggest using temporary file name for file in ~/.TeXmacs/tmp/ or
> whatever not publically available. ~/.TeXmacs/ is available only to user
> who execute TeXmacs (presumably, anyway...) and user probably won't
> bruteforce himself. I see the problem is either with loss of data or
> with security breach. First is solved with truely private filesystem
> subdirectory (such as $(HOME)/.TeXmacs/tmp). See what SSH (the secure
> shell) is doing : the server checks permissions to ~/.ssh to be some 600 :)
> Second is best solved by refusing to execute as root (or whatever superuser).
> Are we now creating ~/TeXmacs/tmp or what? :)

Maybe that this is indeed a good idea: creating a directory
~/.TeXmacs/system/tmp for all temporary files and give this
directory very restrictive permissions. We might even give
restrictive permissions to the whole ~/.TeXmacs directory.

In fact: why are temporary files so special? As far as I can see
the security issues would be similarly important for all files
which we might wish to create...