From mboxrd@z Thu Jan 1 00:00:00 1970 Path: main.gmane.org!not-for-mail From: Colin Walters Newsgroups: gmane.emacs.devel Subject: Re: many packages write to `temporary-file-directory' insecurely Date: 27 Mar 2002 18:46:39 -0500 Sender: emacs-devel-admin@gnu.org Message-ID: <1017272799.2144.8.camel@space-ghost> References: <1014945351.23435.102.camel@space-ghost> <1015103550.7365.17.camel@space-ghost> <200203031718.g23HIKt23295@rum.cs.yale.edu> <200203042340.g24NexL00497@aztec.santafe.edu> <200203051520.g25FKbw01899@rum.cs.yale.edu> <1015389617.25883.37.camel@space-ghost> <1015400126.18074.0.camel@space-ghost> <200203080908.g28986Z02524@wijiji.santafe.edu> <1015757200.18074.71.camel@space-ghost> <200203110901.g2B91Ej04386@wijiji.santafe.edu> <1016402881.5455.24.camel@space-ghost> <200203182006.g2IK6dB08697@wijiji.santafe.edu> <1016490983.17157.4.camel@space-ghost> <200203200510.g2K5Atl09572@wijiji.santafe.edu> NNTP-Posting-Host: localhost.gmane.org Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Trace: main.gmane.org 1017272947 24958 127.0.0.1 (27 Mar 2002 23:49:07 GMT) X-Complaints-To: usenet@main.gmane.org NNTP-Posting-Date: Wed, 27 Mar 2002 23:49:07 +0000 (UTC) Original-Received: from quimby.gnus.org ([80.91.224.244]) by main.gmane.org with esmtp (Exim 3.33 #1 (Debian)) id 16qNAB-0006UR-00 for ; Thu, 28 Mar 2002 00:49:07 +0100 Original-Received: from fencepost.gnu.org ([199.232.76.164]) by quimby.gnus.org with esmtp (Exim 3.12 #1 (Debian)) id 16qNJK-0007s6-00 for ; Thu, 28 Mar 2002 00:58:34 +0100 Original-Received: from localhost ([127.0.0.1] helo=fencepost.gnu.org) by fencepost.gnu.org with esmtp (Exim 3.34 #1 (Debian)) id 16qN9Z-0001xb-00; Wed, 27 Mar 2002 18:48:29 -0500 Original-Received: from monk.debian.net ([216.185.54.61] helo=monk.verbum.org) by fencepost.gnu.org with esmtp (Exim 3.34 #1 (Debian)) id 16qN8x-0001v9-00 for ; Wed, 27 Mar 2002 18:47:51 -0500 Original-Received: from space-ghost.verbum.private (freedom.cis.ohio-state.edu [164.107.60.183]) (using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits)) (Client CN "space-ghost.verbum.org", Issuer "monk.verbum.org" (verified OK)) by monk.verbum.org (Postfix (Debian/GNU)) with ESMTP id 6B77F740009E for ; Wed, 27 Mar 2002 18:47:40 -0500 (EST) Original-Received: by space-ghost.verbum.private (Postfix (Debian/GNU), from userid 1000) id 0680880690E; Wed, 27 Mar 2002 18:46:39 -0500 (EST) Original-To: emacs-devel@gnu.org In-Reply-To: <200203200510.g2K5Atl09572@wijiji.santafe.edu> X-Mailer: Evolution/1.0 (Preview Release) Errors-To: emacs-devel-admin@gnu.org X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.0.5 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Emacs development discussions. List-Unsubscribe: , List-Archive: Xref: main.gmane.org gmane.emacs.devel:2230 X-Report-Spam: http://spam.gmane.org/gmane.emacs.devel:2230 On Wed, 2002-03-20 at 00:10, Richard Stallman wrote: > And we should probably impose a limit of, say, 50 scores, and 200 > characters in a score line. > > Please avoid arbitrary limits such as those. The GNU coding standards > say we should avoid arbitrary limits whenever possible. My concern is that since Emacs is often used on large, multiuser systems, many of which use disk quotas, a setgid program without any limits on the files it creates would be a way for users to get around their disk quotas. > Other than that, it sounds like a good solution except that it should > be more general, not limited to Emacs alone. Ok, I've committed the C portion of the code to lib-src/update-game-score.c. It's not enabled yet. Also, would be nice if other people could give it a quick audit; I plan to do this more thoroughly myself soonish. _______________________________________________ Emacs-devel mailing list Emacs-devel@gnu.org http://mail.gnu.org/mailman/listinfo/emacs-devel