From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Glenn Morris Newsgroups: gmane.emacs.bugs Subject: bug#4291: 23.1; doc-view-mode temporary directory vulnerable to denial of service Date: Tue, 01 Sep 2009 17:15:54 -0400 Message-ID: References: <1x7hwk3gis.fsf@fencepost.gnu.org> Reply-To: Glenn Morris , 4291@emacsbugs.donarmstrong.com NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: ger.gmane.org 1251840439 5309 80.91.229.12 (1 Sep 2009 21:27:19 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Tue, 1 Sep 2009 21:27:19 +0000 (UTC) Cc: tassilo@member.fsf.org, David Bremner , 4291@emacsbugs.donarmstrong.com To: Stefan Monnier Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Tue Sep 01 23:27:11 2009 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([199.232.76.165]) by lo.gmane.org with esmtp (Exim 4.50) id 1Miasg-0006h6-1f for geb-bug-gnu-emacs@m.gmane.org; Tue, 01 Sep 2009 23:27:10 +0200 Original-Received: from localhost ([127.0.0.1]:38224 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1Miasf-0000ou-9D for geb-bug-gnu-emacs@m.gmane.org; Tue, 01 Sep 2009 17:27:09 -0400 Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1Miasa-0000n1-P5 for bug-gnu-emacs@gnu.org; Tue, 01 Sep 2009 17:27:04 -0400 Original-Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1MiasW-0000hY-Bb for bug-gnu-emacs@gnu.org; Tue, 01 Sep 2009 17:27:04 -0400 Original-Received: from [199.232.76.173] (port=46993 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1MiasW-0000hI-39 for bug-gnu-emacs@gnu.org; Tue, 01 Sep 2009 17:27:00 -0400 Original-Received: from rzlab.ucr.edu ([138.23.92.77]:52544) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1MiasV-0001NN-Fh for bug-gnu-emacs@gnu.org; Tue, 01 Sep 2009 17:26:59 -0400 Original-Received: from rzlab.ucr.edu (rzlab.ucr.edu [127.0.0.1]) by rzlab.ucr.edu (8.14.3/8.14.3/Debian-5) with ESMTP id n81LQu2f025009; Tue, 1 Sep 2009 14:26:56 -0700 Original-Received: (from debbugs@localhost) by rzlab.ucr.edu (8.14.3/8.14.3/Submit) id n81LK3qM023706; Tue, 1 Sep 2009 14:20:03 -0700 Resent-Date: Tue, 1 Sep 2009 14:20:03 -0700 X-Loop: owner@emacsbugs.donarmstrong.com Resent-From: Glenn Morris Resent-To: bug-submit-list@donarmstrong.com Resent-CC: Emacs Bugs 2Resent-Date: Tue, 01 Sep 2009 21:20:03 +0000 Resent-Message-ID: Resent-Sender: owner@emacsbugs.donarmstrong.com X-Emacs-PR-Message: followup 4291 X-Emacs-PR-Package: emacs X-Emacs-PR-Keywords: Original-Received: via spool by 4291-submit@emacsbugs.donarmstrong.com id=B4291.125183975623094 (code B ref 4291); Tue, 01 Sep 2009 21:20:03 +0000 Original-Received: (at 4291) by emacsbugs.donarmstrong.com; 1 Sep 2009 21:15:56 +0000 X-Spam-Bayes: score:0.5 Bayes not run. spammytokens:Tokens not available. hammytokens:Tokens not available. Original-Received: from fencepost.gnu.org (fencepost.gnu.org [140.186.70.10]) by rzlab.ucr.edu (8.14.3/8.14.3/Debian-5) with ESMTP id n81LFtYs023091 for <4291@emacsbugs.donarmstrong.com>; Tue, 1 Sep 2009 14:15:56 -0700 Original-Received: from rgm by fencepost.gnu.org with local (Exim 4.67) (envelope-from ) id 1Miahm-0006WC-87; Tue, 01 Sep 2009 17:15:54 -0400 X-Spook: brigand MD5 AIEWS Bruxelles Defcon Al Jazeera X-Ran: ,dz^k{AloEDUUC=kNKyaUce*0&Y;Qiz9'snf4;zOs_1\YR{~O$Jb5WC<\euPh%nhw\V!>{ X-Hue: white X-Attribution: GM User-Agent: Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/) X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6 (newer, 2) Resent-Date: Tue, 01 Sep 2009 17:27:04 -0400 X-BeenThere: bug-gnu-emacs@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.bugs:30717 Archived-At: Stefan Monnier wrote: > Yes, tho it's a bit different: your case can be avoided by appropriate > use of quotas on /tmp (yes, I realize this is highly unlikely), and your > case cannot be obtained without impacting the system as a whole > (i.e. it's less discrete). The original scenario doesn't seem likely (or discreet). I suggest just making docview give an explicit error if its cache dir: a) cannot be created; or b) exists but cannot be read or written to.