From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Glenn Morris <rgm@gnu.org>
Newsgroups: gmane.emacs.bugs
Subject: bug#4291: 23.1;
	doc-view-mode temporary directory vulnerable to denial of service
Date: Tue, 12 Jul 2011 17:44:53 -0400
Message-ID: <7kzkkj897u.fsf@fencepost.gnu.org>
References: <E1MhXrz-0005yJ-3B@localhost> <1x7hwk3gis.fsf@fencepost.gnu.org>
	<jwveiqsqbq8.fsf-monnier+emacsbugreports@gnu.org>
	<m3y603jiz0.fsf@quimbies.gnus.org>
NNTP-Posting-Host: lo.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: dough.gmane.org 1310507704 29801 80.91.229.12 (12 Jul 2011 21:55:04 GMT)
X-Complaints-To: usenet@dough.gmane.org
NNTP-Posting-Date: Tue, 12 Jul 2011 21:55:04 +0000 (UTC)
Cc: David Bremner <bremner-dated-1252800134.2fccb3@pivot.cs.unb.ca>,
	4291@debbugs.gnu.org
To: Lars Magne Ingebrigtsen <larsi@gnus.org>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Tue Jul 12 23:54:59 2011
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane.org
Original-Received: from lists.gnu.org ([140.186.70.17])
	by lo.gmane.org with esmtp (Exim 4.69)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1Qgkuv-0007i4-3Z
	for geb-bug-gnu-emacs@m.gmane.org; Tue, 12 Jul 2011 23:54:57 +0200
Original-Received: from localhost ([::1]:43676 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1Qgkut-0007ih-Ny
	for geb-bug-gnu-emacs@m.gmane.org; Tue, 12 Jul 2011 17:54:55 -0400
Original-Received: from eggs.gnu.org ([140.186.70.92]:55964)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1QgklT-0005JX-76
	for bug-gnu-emacs@gnu.org; Tue, 12 Jul 2011 17:45:16 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1QgklN-0002lO-TD
	for bug-gnu-emacs@gnu.org; Tue, 12 Jul 2011 17:45:10 -0400
Original-Received: from debbugs.gnu.org ([140.186.70.43]:55028)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1QgklN-0002lA-J5
	for bug-gnu-emacs@gnu.org; Tue, 12 Jul 2011 17:45:05 -0400
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.69)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1QgklM-00052C-Ai; Tue, 12 Jul 2011 17:45:04 -0400
X-Loop: help-debbugs@gnu.org
Resent-From: Glenn Morris <rgm@gnu.org>
Original-Sender: debbugs-submit-bounces@debbugs.gnu.org
Resent-To: owner@debbugs.gnu.org
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Tue, 12 Jul 2011 21:45:04 +0000
Resent-Message-ID: <handler.4291.B4291.131050710219327@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 4291
X-GNU-PR-Package: emacs
X-GNU-PR-Keywords: 
Original-Received: via spool by 4291-submit@debbugs.gnu.org id=B4291.131050710219327
	(code B ref 4291); Tue, 12 Jul 2011 21:45:04 +0000
Original-Received: (at 4291) by debbugs.gnu.org; 12 Jul 2011 21:45:02 +0000
Original-Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1QgklJ-00051g-Ol
	for submit@debbugs.gnu.org; Tue, 12 Jul 2011 17:45:01 -0400
Original-Received: from fencepost.gnu.org ([140.186.70.10])
	by debbugs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <rgm@gnu.org>) id 1QgklI-00051M-0r
	for 4291@debbugs.gnu.org; Tue, 12 Jul 2011 17:45:00 -0400
Original-Received: from localhost ([127.0.0.1]:55855)
	by fencepost.gnu.org with esmtp (Exim 4.71)
	(envelope-from <rgm@gnu.org>)
	id 1QgklC-00077U-9c; Tue, 12 Jul 2011 17:44:54 -0400
X-Spook: LABLINK Delta Force Leitrim Fortezza Axis of Evil $400
X-Ran: EH~qUE^FBenw[6)q7YSwxuc.'hklj>#BIPG&ex8Oz5x/%W\At#:]$J^Z2Aom||@_0QiJe)
X-Hue: cyan
X-Attribution: GM
In-Reply-To: <m3y603jiz0.fsf@quimbies.gnus.org> (Lars Magne Ingebrigtsen's
	message of "Tue, 12 Jul 2011 23:18:43 +0200")
User-Agent: Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.11
Precedence: list
Resent-Date: Tue, 12 Jul 2011 17:45:04 -0400
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 3)
X-Received-From: 140.186.70.43
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
	the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: </archive/html/bug-gnu-emacs>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.bugs:48795
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/48795>

Lars Magne Ingebrigtsen wrote:

> Stefan Monnier <monnier@iro.umontreal.ca> writes:
>
>> IIRC /tmp/docview$uid is predictable because doc-view tries to reuse
>> previouly-rendered pages.  I'm not convinced this is really a good
>> feature, but obviously the author thought it was important, so I'd
>> rather not drop it without a discussion.
>
> It could just stash the directory name in a variable, and use the normal
> `make-temp-file' to create the directory, couldn't it?

I think the idea referred to above is to potentially re-use pages
converted by a previous Emacs instance (which seems like a bad feature
to me too).