From mboxrd@z Thu Jan  1 00:00:00 1970
Path: quimby.gnus.org!not-for-mail
From: "Stefan Monnier" <monnier+gnu/emacs@RUM.cs.yale.edu>
Newsgroups: gmane.emacs.devel
Subject: Re: many packages write to `temporary-file-directory' insecurely
Date: Tue, 05 Mar 2002 10:20:37 -0500
Message-ID: <200203051520.g25FKbw01899@rum.cs.yale.edu>
References: <1014945351.23435.102.camel@space-ghost> <m3lmdbkwz0.fsf@Janik.cz> <1015103550.7365.17.camel@space-ghost> <m3n0xqimw7.fsf@Janik.cz> <200203031718.g23HIKt23295@rum.cs.yale.edu> <200203042340.g24NexL00497@aztec.santafe.edu>  <jebse3gvu7.fsf@sykes.suse.de>
NNTP-Posting-Host: quimby2.netfonds.no
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Trace: quimby2.netfonds.no 1015342073 27900 195.204.10.66 (5 Mar 2002 15:27:53 GMT)
X-Complaints-To: usenet@quimby2.netfonds.no
NNTP-Posting-Date: 5 Mar 2002 15:27:53 GMT
Cc: rms@gnu.org, monnier+gnu/emacs@RUM.cs.yale.edu, Pavel@Janik.cz,
   walters@verbum.org, emacs-devel@gnu.org
Original-Received: from fencepost.gnu.org ([199.232.76.164])
	by quimby2.netfonds.no with esmtp (Exim 3.12 #1 (Debian))
	id 16iGr2-0007Fu-00
	for <emacs-devel@quimby.gnus.org>; Tue, 05 Mar 2002 16:27:52 +0100
Original-Received: from localhost ([127.0.0.1] helo=fencepost.gnu.org)
	by fencepost.gnu.org with esmtp (Exim 3.33 #1 (Debian))
	id 16iGkS-0001uh-00; Tue, 05 Mar 2002 10:21:04 -0500
Original-Received: from rum.cs.yale.edu ([128.36.229.169])
	by fencepost.gnu.org with esmtp (Exim 3.33 #1 (Debian))
	id 16iGk3-0001tZ-00; Tue, 05 Mar 2002 10:20:39 -0500
Original-Received: (from monnier@localhost)
	by rum.cs.yale.edu (8.11.6/8.11.6) id g25FKbw01899;
	Tue, 5 Mar 2002 10:20:37 -0500
X-Mailer: exmh version 2.4 06/23/2000 with nmh-1.0.4
Original-To: Andreas Schwab <schwab@suse.de>
Errors-To: emacs-devel-admin@gnu.org
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.0.5
Precedence: bulk
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Post: <mailto:emacs-devel@gnu.org>
List-Subscribe: <http://mail.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
List-Id: Emacs development discussions. <emacs-devel.gnu.org>
List-Unsubscribe: <http://mail.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://mail.gnu.org/pipermail/emacs-devel/>
Xref: quimby.gnus.org gmane.emacs.devel:1743
X-Report-Spam: http://spam.gmane.org/gmane.emacs.devel:1743

> Richard Stallman <rms@gnu.org> writes:
> 
> |> If /var/games is treated just like /tmp, meaning anyone can create a
> |> file in it, then it will raise the same security issues as /tmp.  We
> |> could perhaps use the code that Al Petrovsky sent, if that is correct.
> 
> The convention for /var/games is that it is writable for a special group
> (game) only, and any program wanting to have access to it must be setgid
> game.

Which is not an option for Emacs.  I'd much rather have something like
/var/games/emacs-scores owned by root and only writable by root
with a file /var/games/emacs-scores/snake that's world-writable.


	Stefan


_______________________________________________
Emacs-devel mailing list
Emacs-devel@gnu.org
http://mail.gnu.org/mailman/listinfo/emacs-devel