From mboxrd@z Thu Jan  1 00:00:00 1970
Path: quimby.gnus.org!not-for-mail
From: Richard Stallman <rms@gnu.org>
Newsgroups: gmane.emacs.devel
Subject: Re: many packages write to `temporary-file-directory' insecurely
Date: Fri, 8 Mar 2002 02:08:06 -0700 (MST)
Message-ID: <200203080908.g28986Z02524@wijiji.santafe.edu>
References: <1014945351.23435.102.camel@space-ghost>
	<m3lmdbkwz0.fsf@Janik.cz> <1015103550.7365.17.camel@space-ghost>
	<m3n0xqimw7.fsf@Janik.cz> <200203031718.g23HIKt23295@rum.cs.yale.edu>
	<200203042340.g24NexL00497@aztec.santafe.edu> 
	<jebse3gvu7.fsf@sykes.suse.de>  
	<200203051520.g25FKbw01899@rum.cs.yale.edu> 
	<1015389617.25883.37.camel@space-ghost> <1015400126.18074.0.camel@space-ghost>
Reply-To: rms@gnu.org
NNTP-Posting-Host: quimby.gnus.org
X-Trace: quimby.gnus.org 1015578587 3272 80.91.224.244 (8 Mar 2002 09:09:47 GMT)
X-Complaints-To: usenet@quimby.gnus.org
NNTP-Posting-Date: 8 Mar 2002 09:09:47 GMT
Cc: emacs-devel@gnu.org
Original-Received: from fencepost.gnu.org ([199.232.76.164])
	by quimby.gnus.org with esmtp (Exim 3.12 #1 (Debian))
	id 16jGNm-0000qa-00
	for <emacs-devel@quimby.gnus.org>; Fri, 08 Mar 2002 10:09:47 +0100
Original-Received: from localhost ([127.0.0.1] helo=fencepost.gnu.org)
	by fencepost.gnu.org with esmtp (Exim 3.34 #1 (Debian))
	id 16jGNL-0007m0-00; Fri, 08 Mar 2002 04:09:19 -0500
Original-Received: from pele.santafe.edu ([192.12.12.119])
	by fencepost.gnu.org with esmtp (Exim 3.34 #1 (Debian))
	id 16jGMB-0007cA-00; Fri, 08 Mar 2002 04:08:07 -0500
Original-Received: from wijiji.santafe.edu (wijiji [192.12.12.5])
	by pele.santafe.edu (8.11.6+Sun/8.9.3) with ESMTP id g2898Hu21108;
	Fri, 8 Mar 2002 02:08:17 -0700 (MST)
Original-Received: (from rms@localhost)
	by wijiji.santafe.edu (8.11.6+Sun/8.9.3) id g28986Z02524;
	Fri, 8 Mar 2002 02:08:06 -0700 (MST)
X-Authentication-Warning: wijiji.santafe.edu: rms set sender to rms@wijiji using -f
Original-To: walters@debian.org
In-reply-to: <1015400126.18074.0.camel@space-ghost> (message from Colin
	Walters on 06 Mar 2002 02:35:26 -0500)
Errors-To: emacs-devel-admin@gnu.org
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.0.5
Precedence: bulk
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Post: <mailto:emacs-devel@gnu.org>
List-Subscribe: <http://mail.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
List-Id: Emacs development discussions. <emacs-devel.gnu.org>
List-Unsubscribe: <http://mail.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://mail.gnu.org/pipermail/emacs-devel/>
Xref: quimby.gnus.org gmane.emacs.devel:1793
X-Report-Spam: http://spam.gmane.org/gmane.emacs.devel:1793

    +		(choices (list "/var/games/emacs" "/var/games"
    +			       temporary-file-directory)))
    +	    (while (and (not ret) (setq choice (car choices)))
    +	      (when (and (eq (car (file-attributes choice)) t)
    +			 (file-writable-p choice))
    +		(setq ret choice))

The game-state-directory should not be world-writable.  If it is
world-writable, it will have the same security problem as /tmp, except
worse if it does not have the sticky bit--make-temp-file won't
be reliable in that case.

One way to solve this problem is by having Emacs installation create
the desired files under /var/games/emacs, make them world-writable,
and make /var/games/emacs read-only.

Does anyone see a better way?


_______________________________________________
Emacs-devel mailing list
Emacs-devel@gnu.org
http://mail.gnu.org/mailman/listinfo/emacs-devel