From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Michael Albinus Newsgroups: gmane.emacs.devel Subject: Re: temp file hole? Date: Thu, 04 Oct 2007 15:56:54 +0200 Message-ID: References: NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: sea.gmane.org 1191506236 22802 80.91.229.12 (4 Oct 2007 13:57:16 GMT) X-Complaints-To: usenet@sea.gmane.org NNTP-Posting-Date: Thu, 4 Oct 2007 13:57:16 +0000 (UTC) Cc: emacs-devel@gnu.org To: Stefan Monnier Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Thu Oct 04 15:57:14 2007 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([199.232.76.165]) by lo.gmane.org with esmtp (Exim 4.50) id 1IdRCK-0002hn-S1 for ged-emacs-devel@m.gmane.org; Thu, 04 Oct 2007 15:57:05 +0200 Original-Received: from localhost ([127.0.0.1] helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1IdRCG-0000w4-Hl for ged-emacs-devel@m.gmane.org; Thu, 04 Oct 2007 09:57:00 -0400 Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1IdRCD-0000vg-Bp for emacs-devel@gnu.org; Thu, 04 Oct 2007 09:56:57 -0400 Original-Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1IdRCC-0000vJ-LY for emacs-devel@gnu.org; Thu, 04 Oct 2007 09:56:57 -0400 Original-Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1IdRCC-0000vF-Cz for emacs-devel@gnu.org; Thu, 04 Oct 2007 09:56:56 -0400 Original-Received: from mailrelay1.alcatel.de ([194.113.59.95]) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1IdRCB-0003sB-RB for emacs-devel@gnu.org; Thu, 04 Oct 2007 09:56:56 -0400 Original-Received: from slbhab.alcatel.de (slbhab.bln.sel.alcatel.de [149.204.63.218]) by mailrelay1.alcatel.de (8.13.4/8.13.4/ICT) with ESMTP id l94DuFq1002099; Thu, 4 Oct 2007 15:56:15 +0200 In-Reply-To: (Stefan Monnier's message of "Wed, 03 Oct 2007 19:38:27 -0400") User-Agent: Gnus/5.1008 (Gnus v5.10.8) Emacs/21.3 (hpux) X-Scanned-By: MIMEDefang 2.51 on 149.204.45.72 X-Detected-Kernel: Linux 2.4-2.6 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:80236 Archived-At: Stefan Monnier writes: Hi Stefan, > I'm afraid that the recent change to tramp-make-temp-file to use > makw-temp-name instead of make-temp-file introduced a security hole (the > very hole plugged by the introduction of make-temp-file in the first place). I confess that my Changelog entry is a little bit sloppy. And you are right, there could be a security hole. The other reason why I have switched from make-temp-file to make-temp-name is that make-temp-file creates a file without the possibility to declare a file name extension. In Tramp, it is sometimes useful to have the same file name extension in both the temporary file and the original file the temporary file is used for. By this, some actions like deciding major mode etc works automatically. A solution could be that tramp-make-temp-file takes over part of the implementation of make-temp-file, i.e. applies make-temp-name, adds the desired extension to this file name, and creates immediately the temporary file via a loop like in make-temp-file. A similar approach should be applied to tramp-make-tramp-temp-file, which suffers from this security hole since ever. I'll commit a patch tonight (or tomorrow, depends on my spare time). > -- Stefan Thanks, and best regards, Michael.