From mboxrd@z Thu Jan 1 00:00:00 1970 Path: quimby.gnus.org!not-for-mail From: Richard Stallman Newsgroups: gmane.emacs.devel Subject: Re: many packages write to `temporary-file-directory' insecurely Date: Mon, 4 Mar 2002 16:40:59 -0700 (MST) Message-ID: <200203042340.g24NexL00497@aztec.santafe.edu> References: <1014945351.23435.102.camel@space-ghost> <1015103550.7365.17.camel@space-ghost> <200203031718.g23HIKt23295@rum.cs.yale.edu> Reply-To: rms@gnu.org NNTP-Posting-Host: quimby2.netfonds.no X-Trace: quimby2.netfonds.no 1015285753 23902 195.204.10.66 (4 Mar 2002 23:49:13 GMT) X-Complaints-To: usenet@quimby2.netfonds.no NNTP-Posting-Date: 4 Mar 2002 23:49:13 GMT Cc: Pavel@Janik.cz, walters@verbum.org, emacs-devel@gnu.org Original-Received: from fencepost.gnu.org ([199.232.76.164]) by quimby2.netfonds.no with esmtp (Exim 3.12 #1 (Debian)) id 16i2Cf-0006DQ-00 for ; Tue, 05 Mar 2002 00:49:13 +0100 Original-Received: from localhost ([127.0.0.1] helo=fencepost.gnu.org) by fencepost.gnu.org with esmtp (Exim 3.33 #1 (Debian)) id 16i26L-0007kN-00; Mon, 04 Mar 2002 18:42:41 -0500 Original-Received: from pele.santafe.edu ([192.12.12.119]) by fencepost.gnu.org with esmtp (Exim 3.33 #1 (Debian)) id 16i24j-0007TH-00; Mon, 04 Mar 2002 18:41:01 -0500 Original-Received: from aztec.santafe.edu (aztec [192.12.12.49]) by pele.santafe.edu (8.11.6+Sun/8.9.3) with ESMTP id g24Nf8u26500; Mon, 4 Mar 2002 16:41:08 -0700 (MST) Original-Received: (from rms@localhost) by aztec.santafe.edu (8.10.2+Sun/8.9.3) id g24NexL00497; Mon, 4 Mar 2002 16:40:59 -0700 (MST) X-Authentication-Warning: aztec.santafe.edu: rms set sender to rms@aztec using -f Original-To: monnier+gnu/emacs@RUM.cs.yale.edu In-reply-to: <200203031718.g23HIKt23295@rum.cs.yale.edu> (monnier+gnu/emacs@RUM.cs.yale.edu) Errors-To: emacs-devel-admin@gnu.org X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.0.5 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Emacs development discussions. List-Unsubscribe: , List-Archive: Xref: quimby.gnus.org gmane.emacs.devel:1725 X-Report-Spam: http://spam.gmane.org/gmane.emacs.devel:1725 We should instead define a `score-files-directory' which could default to "/var/games" or to "~/.emacs.d". That seems like a reasonable approach. Would someone like to do it? If /var/games is treated just like /tmp, meaning anyone can create a file in it, then it will raise the same security issues as /tmp. We could perhaps use the code that Al Petrovsky sent, if that is correct. Or we could say that the files should be created by root during installation, and that /var/games should not allow anyone but root to create files. _______________________________________________ Emacs-devel mailing list Emacs-devel@gnu.org http://mail.gnu.org/mailman/listinfo/emacs-devel