Re: many packages write to `temporary-file-directory' insecurely

emacs-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: many packages write to `temporary-file-directory' insecurely

From:	Richard Stallman
Subject:	Re: many packages write to `temporary-file-directory' insecurely
Date:	Fri, 8 Mar 2002 02:08:06 -0700 (MST)

    +           (choices (list "/var/games/emacs" "/var/games"
    +                          temporary-file-directory)))
    +       (while (and (not ret) (setq choice (car choices)))
    +         (when (and (eq (car (file-attributes choice)) t)
    +                    (file-writable-p choice))
    +           (setq ret choice))

The game-state-directory should not be world-writable.  If it is
world-writable, it will have the same security problem as /tmp, except
worse if it does not have the sticky bit--make-temp-file won't
be reliable in that case.

One way to solve this problem is by having Emacs installation create
the desired files under /var/games/emacs, make them world-writable,
and make /var/games/emacs read-only.

Does anyone see a better way?

[Prev in Thread]

Current Thread

[Next in Thread]

Re: many packages write to `temporary-file-directory' insecurely, (continued)

Prev by Date: Re: many packages write to `temporary-file-directory' insecurely
Next by Date: Re: Should customizing default-frame-alist change existing frames?
Previous by thread: Re: many packages write to `temporary-file-directory' insecurely
Next by thread: Re: many packages write to `temporary-file-directory' insecurely
Index(es):
- Date
- Thread