From mboxrd@z Thu Jan 1 00:00:00 1970 Path: quimby.gnus.org!not-for-mail From: Al Petrofsky Newsgroups: gmane.emacs.devel Subject: Re: many packages write to `temporary-file-directory' insecurely Date: Sun, 3 Mar 2002 12:36:10 -0800 Message-ID: <200203032036.MAA29961@radish.petrofsky.org> References: <1014945351.23435.102.camel@space-ghost> <1015103550.7365.17.camel@space-ghost> <200203031718.g23HIKt23295@rum.cs.yale.edu> NNTP-Posting-Host: quimby2.netfonds.no X-Trace: quimby2.netfonds.no 1015188303 23424 195.204.10.66 (3 Mar 2002 20:45:03 GMT) X-Complaints-To: usenet@quimby2.netfonds.no NNTP-Posting-Date: 3 Mar 2002 20:45:03 GMT Cc: Pavel@Janik.cz, walters@verbum.org, emacs-devel@gnu.org Original-Received: from fencepost.gnu.org ([199.232.76.164]) by quimby2.netfonds.no with esmtp (Exim 3.12 #1 (Debian)) id 16hcqs-00065i-00 for ; Sun, 03 Mar 2002 21:45:02 +0100 Original-Received: from localhost ([127.0.0.1] helo=fencepost.gnu.org) by fencepost.gnu.org with esmtp (Exim 3.33 #1 (Debian)) id 16hcl5-0003Iv-00; Sun, 03 Mar 2002 15:39:03 -0500 Original-Received: from radish.petrofsky.org ([216.240.48.33]) by fencepost.gnu.org with esmtp (Exim 3.33 #1 (Debian)) id 16hciM-0002tQ-00 for ; Sun, 03 Mar 2002 15:36:14 -0500 Original-Received: (from al@localhost) by radish.petrofsky.org (8.9.3/8.9.3/Debian 8.9.3-21) id MAA29961; Sun, 3 Mar 2002 12:36:10 -0800 Original-To: monnier+gnu/emacs@RUM.cs.yale.edu In-reply-to: <200203031718.g23HIKt23295@rum.cs.yale.edu> (monnier+gnu/emacs@RUM.cs.yale.edu) Errors-To: emacs-devel-admin@gnu.org X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.0.5 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Emacs development discussions. List-Unsubscribe: , List-Archive: Xref: quimby.gnus.org gmane.emacs.devel:1711 X-Report-Spam: http://spam.gmane.org/gmane.emacs.devel:1711 > From: "Stefan Monnier" > > From: Colin Walters > > > > How do you share high-scores between users then? We do want to share > > scores... > > It's difficult to do it safely. Is this sufficient? (let* ((scores-dir (expand-file-name "emacs-games-scores" temporary-file-directory)) (scores-basename "snake-scores") (scores-file (expand-file-name scores-basename scores-dir)) (temp (make-temp-file scores-basename))) (unwind-protect (progn (write-region (point-min) (point-max) temp) (set-file-modes temp #o444) (condition-case nil (progn (make-directory scores-dir) (set-file-modes scores-dir #o777)) (error nil)) (and (eq t (car (file-attributes scores-dir))) (rename-file temp scores-file t))) (condition-case nil (delete-file temp) (error nil)))) You might unwittingly overwrite the file named "snake-scores" in some unknown directory if someone maliciously creates a /tmp/snake symlink at just the right time, but that's not too bad. (Maybe we should use "/tmp/emacs-game-scores/this-file-name-is-not-used-for-any-important\ -file-in-any-directory-I-hope".) > But in any case sharing should not be done via /tmp. > We should instead define a `score-files-directory' which could default > to "/var/games" or to "~/.emacs.d". An advantage of using /tmp is that it exists on every (sane) system, and does not require any help from the system administrator. -al _______________________________________________ Emacs-devel mailing list Emacs-devel@gnu.org http://mail.gnu.org/mailman/listinfo/emacs-devel