From: Andreas Schwab
Newsgroups: gmane.emacs.devel
Subject: Re: many packages write to `temporary-file-directory' insecurely
Date: Tue, 05 Mar 2002 11:20:00 +0100
References: <1014945351.23435.102.camel@space-ghost> <1015103550.7365.17.camel@space-ghost> <200203031718.g23HIKt23295@rum.cs.yale.edu> <200203042340.g24NexL00497@aztec.santafe.edu>
Original-To: rms@gnu.org
Cc: monnier+gnu/emacs@RUM.cs.yale.edu, Pavel@Janik.cz, walters@verbum.org, emacs-devel@gnu.org
In-Reply-To: <200203042340.g24NexL00497@aztec.santafe.edu> (Richard Stallman's message of "Mon, 4 Mar 2002 16:40:59 -0700 (MST)")

Richard Stallman writes:

|> If /var/games is treated just like /tmp, meaning anyone can create a
|> file in it, then it will raise the same security issues as /tmp. We
|> could perhaps use the code that Al Petrovsky sent, if that is correct.

The convention for /var/games is that it is writable for a special group
(game) only, and any program wanting to have access to it must be setgid
game.

Andreas.

-- 
Andreas Schwab, SuSE Labs, schwab@suse.de
SuSE GmbH, Deutschherrnstr. 15-19, D-90429 Nürnberg
Key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5
"And now for something completely different."
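The distinction drawn in this message, as an added example that is not part of the original e-mail or of Emacs: a check that tells a /tmp-like directory (anyone can create files) from one writable by a dedicated group only, and verifies that a helper program is setgid to that same group. The function names and the sample modes and gids are constructed for illustration.

```python
import os
import stat


def classify_dir(mode):
    """Classify a directory by who may create files in it (mode bits only)."""
    if mode & stat.S_IWOTH:
        # Anyone can create entries, as in /tmp. The sticky bit restricts
        # deleting or renaming other users' files, not creating new names.
        return "tmp-like" if mode & stat.S_ISVTX else "world-writable"
    if mode & stat.S_IWGRP:
        return "group-only"
    return "owner-only"


def helper_fits_convention(dir_mode, dir_gid, helper_mode, helper_gid):
    """True when the directory is writable by its group only and the helper
    runs with that group: setgid bit set, group-executable, same gid."""
    # Linux honours setgid on exec only when S_IXGRP is set as well.
    runs_setgid = (helper_mode & stat.S_ISGID) and (helper_mode & stat.S_IXGRP)
    return (classify_dir(dir_mode) == "group-only"
            and bool(runs_setgid)
            and helper_gid == dir_gid)


def audit(dir_path, helper_path):
    """Apply both checks to real paths; returns (classification, fits)."""
    d = os.stat(dir_path)
    if not stat.S_ISDIR(d.st_mode):
        raise NotADirectoryError(dir_path)
    h = os.stat(helper_path)
    return (classify_dir(d.st_mode),
            helper_fits_convention(d.st_mode, d.st_gid, h.st_mode, h.st_gid))


if __name__ == "__main__":
    # Constructed samples: (dir mode, dir gid, helper mode, helper gid).
    samples = {
        "shared like /tmp": (0o041777, 0, 0o102755, 60),
        "group dir, setgid helper": (0o040775, 60, 0o102755, 60),
        "group dir, plain helper": (0o040775, 60, 0o100755, 60),
    }
    for name, (dm, dg, hm, hg) in samples.items():
        print(name, classify_dir(dm), helper_fits_convention(dm, dg, hm, hg))
```
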