From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Stefan Monnier Newsgroups: gmane.emacs.bugs Subject: bug#4291: 23.1; doc-view-mode temporary directory vulnerable to denial of service Date: Mon, 31 Aug 2009 10:55:40 -0400 Message-ID: References: <1x7hwk3gis.fsf@fencepost.gnu.org> Reply-To: Stefan Monnier , 4291@emacsbugs.donarmstrong.com NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: ger.gmane.org 1251734275 19423 80.91.229.12 (31 Aug 2009 15:57:55 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Mon, 31 Aug 2009 15:57:55 +0000 (UTC) Cc: David Bremner , 4291@emacsbugs.donarmstrong.com To: Glenn Morris Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Mon Aug 31 17:57:48 2009 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([199.232.76.165]) by lo.gmane.org with esmtp (Exim 4.50) id 1Mi9GM-0004Ud-Fg for geb-bug-gnu-emacs@m.gmane.org; Mon, 31 Aug 2009 17:57:47 +0200 Original-Received: from localhost ([127.0.0.1]:42446 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1Mi9GL-0001jE-Up for geb-bug-gnu-emacs@m.gmane.org; Mon, 31 Aug 2009 11:57:45 -0400 Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1Mi8TN-0000Ns-DO for bug-gnu-emacs@gnu.org; Mon, 31 Aug 2009 11:07:09 -0400 Original-Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1Mi8TF-0000L7-Op for bug-gnu-emacs@gnu.org; Mon, 31 Aug 2009 11:07:06 -0400 Original-Received: from [199.232.76.173] (port=36655 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1Mi8TD-0000Jk-Lp for bug-gnu-emacs@gnu.org; Mon, 31 Aug 2009 11:07:00 -0400 Original-Received: from rzlab.ucr.edu ([138.23.92.77]:52130) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1Mi8TC-0005MB-UW for bug-gnu-emacs@gnu.org; Mon, 31 Aug 2009 11:06:59 -0400 Original-Received: from rzlab.ucr.edu (rzlab.ucr.edu [127.0.0.1]) by rzlab.ucr.edu (8.14.3/8.14.3/Debian-5) with ESMTP id n7VF6tdv019694; Mon, 31 Aug 2009 08:06:56 -0700 Original-Received: (from debbugs@localhost) by rzlab.ucr.edu (8.14.3/8.14.3/Submit) id n7VF06XC017548; Mon, 31 Aug 2009 08:00:06 -0700 Resent-Date: Mon, 31 Aug 2009 08:00:06 -0700 X-Loop: owner@emacsbugs.donarmstrong.com Resent-From: Stefan Monnier Resent-To: bug-submit-list@donarmstrong.com Resent-CC: Emacs Bugs 2Resent-Date: Mon, 31 Aug 2009 15:00:06 +0000 Resent-Message-ID: Resent-Sender: owner@emacsbugs.donarmstrong.com X-Emacs-PR-Message: followup 4291 X-Emacs-PR-Package: emacs X-Emacs-PR-Keywords: Original-Received: via spool by 4291-submit@emacsbugs.donarmstrong.com id=B4291.125173054816868 (code B ref 4291); Mon, 31 Aug 2009 15:00:06 +0000 Original-Received: (at 4291) by emacsbugs.donarmstrong.com; 31 Aug 2009 14:55:48 +0000 X-Spam-Bayes: score:0.5 Bayes not run. spammytokens:Tokens not available. hammytokens:Tokens not available. Original-Received: from ironport2-out.teksavvy.com (ironport2-out.teksavvy.com [206.248.154.182]) by rzlab.ucr.edu (8.14.3/8.14.3/Debian-5) with ESMTP id n7VEtkXk016850 for <4291@emacsbugs.donarmstrong.com>; Mon, 31 Aug 2009 07:55:47 -0700 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AqIEAJuBm0pFpYuS/2dsb2JhbACBU9ZUgjeBYwWHaA X-IronPort-AV: E=Sophos;i="4.44,305,1249272000"; d="scan'208";a="44605143" Original-Received: from 69-165-139-146.dsl.teksavvy.com (HELO ceviche.home) ([69.165.139.146]) by ironport2-out.teksavvy.com with ESMTP; 31 Aug 2009 10:54:35 -0400 Original-Received: by ceviche.home (Postfix, from userid 20848) id E7DA570048; Mon, 31 Aug 2009 10:55:40 -0400 (EDT) In-Reply-To: <1x7hwk3gis.fsf@fencepost.gnu.org> (Glenn Morris's message of "Sun, 30 Aug 2009 21:42:51 -0400") User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.1.50 (gnu/linux) X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6 (newer, 2) Resent-Date: Mon, 31 Aug 2009 11:07:06 -0400 X-BeenThere: bug-gnu-emacs@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.bugs:30685 Archived-At: >> By default doc-view-mode makes a directory /tmp/docview$uid . Since >> this is easily predictable, a malicious person could cause docview to >> fail simply by creating a directory with the same name. > Couldn't they do the same thing by simply filling /tmp with junk, no > matter what filename is used? Yes, tho it's a bit different: your case can be avoided by appropriate use of quotas on /tmp (yes, I realize this is highly unlikely), and your case cannot be obtained without impacting the system as a whole (i.e. it's less discrete). > (Emacs server also uses the same name every time AFAIK.) Yes, and Emacs server needs this name to be predictable (an "ls /tmp" shows that other services, such as `orbit', are similarly vulnerable). IIRC /tmp/docview$uid is predictable because doc-view tries to reuse previouly-rendered pages. I'm not convinced this is really a good feature, but obviously the author thought it was important, so I'd rather not drop it without a discussion. Stefan