unofficial mirror of emacs-devel@gnu.org 
From: David Kastrup <dak@gnu.org>
Cc: Stefan Monnier <monnier@iro.umontreal.ca>, emacs-devel@gnu.org
Subject: Re: backup method
Date: Thu, 03 Feb 2005 10:27:24 +0100
Message-ID: <x5acqmxabn.fsf@lola.goethe.zz>
In-Reply-To: <E1Cwaf2-0007kg-49@fencepost.gnu.org> (Richard Stallman's message of "Thu, 03 Feb 2005 01:40:16 -0500")

Richard Stallman <rms@gnu.org> writes:

>     Any reason why you didn't use make-temp-file?
>
> make-temp-file creates the file empty.  Between that and writing the
> data into it, someone else could delete the file and put in a symlink.

The permissions in world-writable temp directories are almost always
1777 which means that nobody but the owner can delete such a file.
Symlink attacks are only possible when the file name can be guessed by
an outside attacker _before_ the file is created.

It is probably just prehistoric and/or misconfigured systems (and
Windows?) where anybody can delete a file from somebody else in
temporary directories.

-- 
David Kastrup, Kriemhildstr. 15, 44793 Bochum
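
The two conditions discussed in this message, as an added example that is not part of the original e-mail or of Emacs: a check that a shared directory carries the sticky bit, and exclusive creation under an unguessable name so that a symlink planted beforehand is refused rather than followed. The function names (`deletion_restricted`, `create_exclusive`, `write_temp`) and the `backup-` prefix are assumptions made for illustration.

```python
import os
import secrets
import stat


def deletion_restricted(directory):
    """True if other users cannot unlink files they do not own in `directory`.

    That holds when the directory is not group/world-writable, or when it is
    writable but carries the sticky bit (mode 1777, as on a typical /tmp).
    """
    mode = os.stat(directory).st_mode
    shared_write = mode & (stat.S_IWGRP | stat.S_IWOTH)
    return not shared_write or bool(mode & stat.S_ISVTX)


def create_exclusive(path, data):
    """Create `path` and write `data`, refusing any pre-existing name.

    O_EXCL makes open() fail if the name exists, even as a dangling symlink,
    so a link planted before creation is detected instead of followed.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)


def write_temp(directory, data, prefix="backup-"):
    """Pick an unguessable name and create it exclusively; retry on collision."""
    if not deletion_restricted(directory):
        raise PermissionError(f"{directory}: writable by others without sticky bit")
    for _ in range(100):
        path = os.path.join(directory, prefix + secrets.token_hex(8))
        try:
            create_exclusive(path, data)
            return path
        except FileExistsError:
            continue  # name already taken (or planted): try another
    raise FileExistsError("no free temporary name found")
```

Because the data is written through the descriptor returned by the exclusive open, there is no interval in which an empty file exists under a name that is later reopened by path.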
