From mboxrd@z Thu Jan 1 00:00:00 1970 Path: main.gmane.org!not-for-mail From: Colin Walters Newsgroups: gmane.emacs.devel Subject: Re: many packages write to `temporary-file-directory' insecurely Date: 10 Mar 2002 05:46:40 -0500 Sender: emacs-devel-admin@gnu.org Message-ID: <1015757200.18074.71.camel@space-ghost> References: <1014945351.23435.102.camel@space-ghost> <1015103550.7365.17.camel@space-ghost> <200203031718.g23HIKt23295@rum.cs.yale.edu> <200203042340.g24NexL00497@aztec.santafe.edu> <200203051520.g25FKbw01899@rum.cs.yale.edu> <1015389617.25883.37.camel@space-ghost> <1015400126.18074.0.camel@space-ghost> <200203080908.g28986Z02524@wijiji.santafe.edu> NNTP-Posting-Host: main.gmane.org Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Trace: main.gmane.org 1015785745 10512 80.91.224.249 (10 Mar 2002 18:42:25 GMT) X-Complaints-To: usenet@main.gmane.org NNTP-Posting-Date: Sun, 10 Mar 2002 18:42:25 +0000 (UTC) Original-Received: from quimby.gnus.org ([80.91.224.244]) by main.gmane.org with esmtp (Exim 3.33 #1 (Debian)) id 16k8H3-0002jR-00 for ; Sun, 10 Mar 2002 19:42:25 +0100 Original-Received: from fencepost.gnu.org ([199.232.76.164]) by quimby.gnus.org with esmtp (Exim 3.12 #1 (Debian)) id 16k8IQ-0001Wp-00 for ; Sun, 10 Mar 2002 19:43:50 +0100 Original-Received: from localhost ([127.0.0.1] helo=fencepost.gnu.org) by fencepost.gnu.org with esmtp (Exim 3.34 #1 (Debian)) id 16k8Gp-0005fj-00; Sun, 10 Mar 2002 13:42:11 -0500 Original-Received: from monk.debian.net ([216.185.54.61] helo=monk.verbum.org) by fencepost.gnu.org with esmtp (Exim 3.34 #1 (Debian)) id 16k8Fg-0005eE-00 for ; Sun, 10 Mar 2002 13:41:00 -0500 Original-Received: from space-ghost.verbum.private (freedom.cis.ohio-state.edu [164.107.60.183]) (using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits)) (Client CN "space-ghost.verbum.org", Issuer "monk.verbum.org" (verified OK)) by monk.verbum.org (Postfix (Debian/GNU)) with ESMTP id B99727400240 for ; Sun, 10 Mar 2002 13:40:45 -0500 (EST) Original-Received: by space-ghost.verbum.private (Postfix (Debian/GNU), from userid 1000) id E5BEA88B1D4; Sun, 10 Mar 2002 05:46:41 -0500 (EST) Original-To: emacs-devel@gnu.org In-Reply-To: <200203080908.g28986Z02524@wijiji.santafe.edu> X-Mailer: Evolution/1.0 (Preview Release) Errors-To: emacs-devel-admin@gnu.org X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.0.5 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Emacs development discussions. List-Unsubscribe: , List-Archive: Xref: main.gmane.org gmane.emacs.devel:1841 X-Report-Spam: http://spam.gmane.org/gmane.emacs.devel:1841 On Fri, 2002-03-08 at 04:08, Richard Stallman wrote: > The game-state-directory should not be world-writable. If it is > world-writable, it will have the same security problem as /tmp, except > worse if it does not have the sticky bit--make-temp-file won't > be reliable in that case. The original security problem was in the way `gamegrid-add-score' created files in /tmp, not in the attributes of /tmp itself. If /tmp is world-writable with the sticky bit, then it is possible for applications to securely create files in it. > One way to solve this problem is by having Emacs installation create > the desired files under /var/games/emacs, make them world-writable, > and make /var/games/emacs read-only. The problem I see with this is that we can't use `rename-file', and thus we lose atomicity of score file updates. If multiple users are concurrently reading and writing the same file, it will eventually be corrupted. We could perhaps try to come up with a locking scheme, but things get very complicated at that point. We also can't use my proposed solution, which is secure and atomic, but as I realized right after posting it, fails to allow people to share scores :) > Does anyone see a better way? At this point, my gut feeling is that we're going to be better off just definining `game-state-directory' to be ~/.emacs.d/games or something, and leave it at that. _______________________________________________ Emacs-devel mailing list Emacs-devel@gnu.org http://mail.gnu.org/mailman/listinfo/emacs-devel