From mboxrd@z Thu Jan 1 00:00:00 1970 Path: main.gmane.org!not-for-mail From: Colin Walters Newsgroups: gmane.emacs.devel Subject: Re: many packages write to `temporary-file-directory' insecurely Date: 05 Apr 2002 02:30:36 -0500 Sender: emacs-devel-admin@gnu.org Message-ID: <1017991836.27236.40.camel@space-ghost> References: <1014945351.23435.102.camel@space-ghost> <1015103550.7365.17.camel@space-ghost> <200203031718.g23HIKt23295@rum.cs.yale.edu> <200203042340.g24NexL00497@aztec.santafe.edu> <200203051520.g25FKbw01899@rum.cs.yale.edu> <1015389617.25883.37.camel@space-ghost> <1015400126.18074.0.camel@space-ghost> <200203080908.g28986Z02524@wijiji.santafe.edu> <1015757200.18074.71.camel@space-ghost> <200203110901.g2B91Ej04386@wijiji.santafe.edu> <1016402881.5455.24.camel@space-ghost> <200203182006.g2IK6dB08697@wijiji.santafe.edu> <1016490983.17157.4.camel@space-ghost> <200203200510.g2K5Atl09572@wijiji.santafe.edu> <1017272799.2144.8.camel@space-ghost> <200203310124.g2V1Ot110614@aztec.santafe.edu> NNTP-Posting-Host: localhost.gmane.org Mime-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Trace: main.gmane.org 1017998681 3859 127.0.0.1 (5 Apr 2002 09:24:41 GMT) X-Complaints-To: usenet@main.gmane.org NNTP-Posting-Date: Fri, 5 Apr 2002 09:24:41 +0000 (UTC) Original-Received: from quimby.gnus.org ([80.91.224.244]) by main.gmane.org with esmtp (Exim 3.33 #1 (Debian)) id 16tPxZ-000108-00 for ; Fri, 05 Apr 2002 11:24:41 +0200 Original-Received: from fencepost.gnu.org ([199.232.76.164]) by quimby.gnus.org with esmtp (Exim 3.12 #1 (Debian)) id 16tQAW-0001xb-00 for ; Fri, 05 Apr 2002 11:38:04 +0200 Original-Received: from localhost ([127.0.0.1] helo=fencepost.gnu.org) by fencepost.gnu.org with esmtp (Exim 3.34 #1 (Debian)) id 16tPx7-00089f-00; Fri, 05 Apr 2002 04:24:13 -0500 Original-Received: from monk.debian.net ([216.185.54.61] helo=monk.verbum.org) by fencepost.gnu.org with esmtp (Exim 3.34 #1 (Debian)) id 16tOKW-0000W4-00 for ; Fri, 05 Apr 2002 02:40:16 -0500 Original-Received: from space-ghost.verbum.private (freedom.cis.ohio-state.edu [164.107.60.183]) (using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits)) (Client CN "space-ghost.verbum.org", Issuer "monk.verbum.org" (verified OK)) by monk.verbum.org (Postfix (Debian/GNU)) with ESMTP id B0CDB740009E for ; Fri, 5 Apr 2002 02:40:05 -0500 (EST) Original-Received: by space-ghost.verbum.private (Postfix (Debian/GNU), from userid 1000) id 62D828AA180; Fri, 5 Apr 2002 02:30:37 -0500 (EST) Original-To: emacs-devel@gnu.org In-Reply-To: <200203310124.g2V1Ot110614@aztec.santafe.edu> X-Mailer: Evolution/1.0 (Preview Release) Errors-To: emacs-devel-admin@gnu.org X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.0.8 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Emacs development discussions. List-Unsubscribe: , List-Archive: Xref: main.gmane.org gmane.emacs.devel:2385 X-Report-Spam: http://spam.gmane.org/gmane.emacs.devel:2385 On Sat, 2002-03-30 at 20:24, Richard Stallman wrote: > My concern is that since Emacs is often used on large, multiuser > systems, many of which use disk quotas, a setgid program without any > limits on the files it creates would be a way for users to get around > their disk quotas. > > One solution for that is to limit the format of the data > that goes in the file so as to specialize it for game scores. Well, I guess what bugs me about this is presumably people will want to have at least their names and/or email addresses in there, and I don't see how to restrict the "format" of the data such that its total size is limited. On the other hand, I've realized it's a good idea to put the actual username (or at least the uid) into the score lines, so if someone is using it to store a substantial amount of data, then it will be blatantly obvious who is doing it. By the way, I'm almost done with the autoconf magic necessary to support this; it's been a bit more painful than I thought.