From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: David Bremner Newsgroups: gmane.emacs.bugs Subject: bug#4291: 23.1; doc-view-mode temporary directory vulnerable to denial of service Date: Sat, 29 Aug 2009 21:02:07 -0300 Message-ID: Reply-To: David Bremner , 4291@emacsbugs.donarmstrong.com NNTP-Posting-Host: lo.gmane.org X-Trace: ger.gmane.org 1251613931 14942 80.91.229.12 (30 Aug 2009 06:32:11 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Sun, 30 Aug 2009 06:32:11 +0000 (UTC) To: bug-gnu-emacs@gnu.org Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Sun Aug 30 08:32:04 2009 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([199.232.76.165]) by lo.gmane.org with esmtp (Exim 4.50) id 1MhdxL-00010v-MA for geb-bug-gnu-emacs@m.gmane.org; Sun, 30 Aug 2009 08:32:04 +0200 Original-Received: from localhost ([127.0.0.1]:48928 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1MhdxL-0001PQ-0g for geb-bug-gnu-emacs@m.gmane.org; Sun, 30 Aug 2009 02:32:03 -0400 Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1MhYG7-0006iQ-1D for bug-gnu-emacs@gnu.org; Sat, 29 Aug 2009 20:27:03 -0400 Original-Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1MhYG1-0006dU-PJ for bug-gnu-emacs@gnu.org; Sat, 29 Aug 2009 20:27:02 -0400 Original-Received: from [199.232.76.173] (port=45537 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1MhYG1-0006dL-Lf for bug-gnu-emacs@gnu.org; Sat, 29 Aug 2009 20:26:57 -0400 Original-Received: from rzlab.ucr.edu ([138.23.92.77]:59448) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1MhYG1-0006Vd-3F for bug-gnu-emacs@gnu.org; Sat, 29 Aug 2009 20:26:57 -0400 Original-Received: from rzlab.ucr.edu (rzlab.ucr.edu [127.0.0.1]) by rzlab.ucr.edu (8.14.3/8.14.3/Debian-5) with ESMTP id n7U0QsFv003912; Sat, 29 Aug 2009 17:26:55 -0700 Original-Received: (from debbugs@localhost) by rzlab.ucr.edu (8.14.3/8.14.3/Submit) id n7U0A6iL001113; Sat, 29 Aug 2009 17:10:06 -0700 Resent-Date: Sat, 29 Aug 2009 17:10:06 -0700 X-Loop: owner@emacsbugs.donarmstrong.com Resent-From: David Bremner Resent-To: bug-submit-list@donarmstrong.com Resent-CC: Emacs Bugs 2Resent-Date: Sun, 30 Aug 2009 00:10:05 +0000 Resent-Message-ID: Resent-Sender: owner@emacsbugs.donarmstrong.com X-Emacs-PR-Message: report 4291 X-Emacs-PR-Package: emacs X-Emacs-PR-Keywords: Original-Received: via spool by submit@emacsbugs.donarmstrong.com id=B.125159054531421 (code B ref -1); Sun, 30 Aug 2009 00:10:05 +0000 Original-Received: (at submit) by emacsbugs.donarmstrong.com; 30 Aug 2009 00:02:25 +0000 X-Spam-Bayes: score:0.5 Bayes not run. spammytokens:Tokens not available. hammytokens:Tokens not available. Original-Received: from lists.gnu.org (lists.gnu.org [199.232.76.165]) by rzlab.ucr.edu (8.14.3/8.14.3/Debian-5) with ESMTP id n7U02Lf3031406 for ; Sat, 29 Aug 2009 17:02:23 -0700 Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1MhXsD-0000Gd-96 for bug-gnu-emacs@gnu.org; Sat, 29 Aug 2009 20:02:21 -0400 Original-Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1MhXs8-0000GA-Dx for bug-gnu-emacs@gnu.org; Sat, 29 Aug 2009 20:02:20 -0400 Original-Received: from [199.232.76.173] (port=56656 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1MhXs8-0000G7-BU for bug-gnu-emacs@gnu.org; Sat, 29 Aug 2009 20:02:16 -0400 Original-Received: from pivot.cs.unb.ca ([131.202.240.57]:41884) by monty-python.gnu.org with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1MhXs7-0003cz-Qo for bug-gnu-emacs@gnu.org; Sat, 29 Aug 2009 20:02:16 -0400 Original-Received: from bremner by pivot.cs.unb.ca with local (Exim 4.69) (envelope-from ) id 1MhXs6-0008Py-6W for bug-gnu-emacs@gnu.org; Sat, 29 Aug 2009 21:02:14 -0300 Original-Received: by pivot.cs.unb.ca (tmda-sendmail, from uid 1266); Sat, 29 Aug 2009 21:02:12 -0300 Original-Received: from fctnnbsc27w-142167175181.pppoe-dynamic.nb.aliant.net ([142.167.175.181] helo=localhost) by pivot.cs.unb.ca with esmtpsa (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.69) (envelope-from ) id 1MhXs4-0008Pr-Iz for bug-gnu-emacs@gnu.org; Sat, 29 Aug 2009 21:02:12 -0300 Original-Received: from bremner by localhost with local (Exim 4.69) (envelope-from ) id 1MhXrz-0005yJ-3B for bug-gnu-emacs@gnu.org; Sat, 29 Aug 2009 21:02:07 -0300 X-Sender-Verified: bremner@pivot.cs.unb.ca X-Delivery-Agent: TMDA/1.1.11 (Ladyburn) X-TMDA-Fingerprint: RD7Gx12WIO1pr9JDNmQFTr7H2OI X-Primary-Address: bremner@unb.ca X-Tmda-Bare: David Bremner X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6 (newer, 2) X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6 (newer, 2) Resent-Date: Sat, 29 Aug 2009 20:27:02 -0400 X-Mailman-Approved-At: Sun, 30 Aug 2009 02:31:57 -0400 X-BeenThere: bug-gnu-emacs@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.bugs:30659 Archived-At: By default doc-view-mode makes a directory /tmp/docview$uid . Since this is easily predictable, a malicious person could cause docview to fail simply by creating a directory with the same name. In GNU Emacs 23.1.1 (i486-pc-linux-gnu, X toolkit, Xaw3d scroll bars) of 2009-08-03 on raven, modified by Debian Windowing system distributor `The X.Org Foundation', version 11.0.10603000 configured using `configure '--build=i486-linux-gnu' '--host=i486-linux-gnu' '--prefix=/usr' '--sharedstatedir=/var/lib' '--libexecdir=/usr/lib' '--localstatedir=/var/lib' '--infodir=/usr/share/info' '--mandir=/usr/share/man' '--with-pop=yes' '--enable-locallisppath=/etc/emacs23:/etc/emacs:/usr/local/share/emacs/23.1/site-lisp:/usr/local/share/emacs/site-lisp:/usr/share/emacs/23.1/site-lisp:/usr/share/emacs/site-lisp:/usr/share/emacs/23.1/leim' '--with-x=yes' '--with-x-toolkit=athena' '--with-toolkit-scroll-bars' 'build_alias=i486-linux-gnu' 'host_alias=i486-linux-gnu' 'CFLAGS=-DDEBIAN -g -O2' 'LDFLAGS=-g' 'CPPFLAGS='' Important settings: value of $LC_ALL: nil value of $LC_COLLATE: nil value of $LC_CTYPE: nil value of $LC_MESSAGES: nil value of $LC_MONETARY: nil value of $LC_NUMERIC: nil value of $LC_TIME: nil value of $LANG: en_CA.UTF-8 value of $XMODIFIERS: nil locale-coding-system: utf-8-unix default-enable-multibyte-characters: t Major mode: Fundamental Minor modes in effect: diff-auto-refine-mode: t tool-bar-mode: t mouse-wheel-mode: t menu-bar-mode: t file-name-shadow-mode: t global-font-lock-mode: t font-lock-mode: t blink-cursor-mode: t global-auto-composition-mode: t auto-encryption-mode: t auto-compression-mode: t line-number-mode: t transient-mark-mode: t Recent input: M-x C-g C-x C-f t e a SPC c s SPC 2 SPC SPC w i SPC c SPC SPC SPC SPC M-x r e p SPC o SPC SPC r SPC SPC SPC Recent messages: Loading /home/bremner/.emacs-custom.el (source)... Loading epa-mail...done Loading /home/bremner/.emacs-custom.el (source)...done Loading /usr/share/emacs/site-lisp/haskell-mode/haskell-site-file.el (source)...done For information about GNU Emacs and the GNU system, type C-h C-a. Quit Making completion list... [2 times] File mode specification error: (file-error "Doing chmod" "operation not permitted" "/tmp/docview1000") Loading vc-git...done Making completion list... [3 times]