From mboxrd@z Thu Jan  1 00:00:00 1970
Path: main.gmane.org!not-for-mail
From: Han Boetes <han@mijncomputer.nl>
Newsgroups: gmane.emacs.devel
Subject: Re: backup method
Date: Thu, 3 Feb 2005 11:15:36 +0100
Message-ID: <20050203101558.GN28863@boetes.org>
References: <20050129060851.GQ6167@boetes.org>
	<200501291842.j0TIgVw09020@raven.dms.auburn.edu>
	<20050129225259.GT6167@boetes.org>
	<87r7k3zti5.fsf-monnier+emacs@gnu.org>
	<E1CvPIT-0007av-GN@fencepost.gnu.org>
	<874qgyxw24.fsf-monnier+emacs@gnu.org>
	<E1Cvy71-0005le-Nd@fencepost.gnu.org>
	<878y681iga.fsf-monnier+emacs@gnu.org>
	<E1Cwaf2-0007kg-49@fencepost.gnu.org>
	<x5acqmxabn.fsf@lola.goethe.zz>
NNTP-Posting-Host: main.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: sea.gmane.org 1107429245 25808 80.91.229.2 (3 Feb 2005 11:14:05 GMT)
X-Complaints-To: usenet@sea.gmane.org
NNTP-Posting-Date: Thu, 3 Feb 2005 11:14:05 +0000 (UTC)
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Thu Feb 03 12:14:04 2005
Original-Received: from lists.gnu.org ([199.232.76.165])
	by ciao.gmane.org with esmtp (Exim 4.43)
	id 1Cwevd-00033L-Hq
	for ged-emacs-devel@m.gmane.org; Thu, 03 Feb 2005 12:13:41 +0100
Original-Received: from localhost ([127.0.0.1] helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43)
	id 1Cwf8m-0007Wv-FC
	for ged-emacs-devel@m.gmane.org; Thu, 03 Feb 2005 06:27:16 -0500
Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1CwegP-0005z7-PR
	for emacs-devel@gnu.org; Thu, 03 Feb 2005 05:57:58 -0500
Original-Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1CwegL-0005xZ-RZ
	for emacs-devel@gnu.org; Thu, 03 Feb 2005 05:57:55 -0500
Original-Received: from [199.232.76.173] (helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1CwegL-0005eY-1g
	for emacs-devel@gnu.org; Thu, 03 Feb 2005 05:57:53 -0500
Original-Received: from [217.120.147.78] (helo=boetes.org)
	by monty-python.gnu.org with smtp (Exim 4.34) id 1Cwe1U-0003IZ-NN
	for emacs-devel@gnu.org; Thu, 03 Feb 2005 05:15:41 -0500
Original-Received: (qmail 28790 invoked by uid 1000); 3 Feb 2005 10:15:58 -0000
Original-To: emacs-devel@gnu.org
Mail-Followup-To: emacs-devel@gnu.org
Content-Disposition: inline
In-Reply-To: <x5acqmxabn.fsf@lola.goethe.zz>
User-Agent: Mutt/1.5.6i
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <http://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <http://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
X-MailScanner-To: ged-emacs-devel@m.gmane.org
Xref: main.gmane.org gmane.emacs.devel:32802
X-Report-Spam: http://spam.gmane.org/gmane.emacs.devel:32802

David Kastrup wrote:
> The permissions in world-writable temp directories are almost
> always 1777 which means that nobody but the owner can delete
> such a file. Symlink attacks are only possible when the file
> name can be guessed by an outside attacker _before_ the file is
> created.

Just a few thoughts.

Perhaps it's an idea to add a function at the C-level that uses
mkstemp?

Since creating a tmp-file with a random name and then moving it to
the proper name is not expensive I see no reason simply do that
for all files.

The mktemp(1) manpage explains very well how normal programs can
create secure files in world-writable dirs.



# Han