From mboxrd@z Thu Jan 1 00:00:00 1970 Path: main.gmane.org!not-for-mail From: Richard Stallman Newsgroups: gmane.emacs.devel Subject: Re: many packages write to `temporary-file-directory' insecurely Date: Fri, 5 Apr 2002 16:41:20 -0700 (MST) Sender: emacs-devel-admin@gnu.org Message-ID: <200204052341.g35NfKI19179@aztec.santafe.edu> References: <1014945351.23435.102.camel@space-ghost> <1015103550.7365.17.camel@space-ghost> <200203031718.g23HIKt23295@rum.cs.yale.edu> <200203042340.g24NexL00497@aztec.santafe.edu> <200203051520.g25FKbw01899@rum.cs.yale.edu> <1015389617.25883.37.camel@space-ghost> <1015400126.18074.0.camel@space-ghost> <200203080908.g28986Z02524@wijiji.santafe.edu> <1015757200.18074.71.camel@space-ghost> <200203110901.g2B91Ej04386@wijiji.santafe.edu> <1016402881.5455.24.camel@space-ghost> <200203182006.g2IK6dB08697@wijiji.santafe.edu> <1016490983.17157.4.camel@space-ghost> <200203200510.g2K5Atl09572@wijiji.santafe.edu> <1017272799.2144.8.camel@space-ghost> <200203310124.g2V1Ot110614@aztec.santafe.edu> <1017991836.27236.40.camel@space-ghost> Reply-To: rms@gnu.org NNTP-Posting-Host: localhost.gmane.org X-Trace: main.gmane.org 1018050153 1654 127.0.0.1 (5 Apr 2002 23:42:33 GMT) X-Complaints-To: usenet@main.gmane.org NNTP-Posting-Date: Fri, 5 Apr 2002 23:42:33 +0000 (UTC) Cc: emacs-devel@gnu.org Original-Received: from quimby.gnus.org ([80.91.224.244]) by main.gmane.org with esmtp (Exim 3.33 #1 (Debian)) id 16tdLl-0000QZ-00 for ; Sat, 06 Apr 2002 01:42:33 +0200 Original-Received: from fencepost.gnu.org ([199.232.76.164]) by quimby.gnus.org with esmtp (Exim 3.12 #1 (Debian)) id 16tdYy-0004Yu-00 for ; Sat, 06 Apr 2002 01:56:13 +0200 Original-Received: from localhost ([127.0.0.1] helo=fencepost.gnu.org) by fencepost.gnu.org with esmtp (Exim 3.34 #1 (Debian)) id 16tdLM-0007qn-00; Fri, 05 Apr 2002 18:42:08 -0500 Original-Received: from pele.santafe.edu ([192.12.12.119]) by fencepost.gnu.org with esmtp (Exim 3.34 #1 (Debian)) id 16tdKb-0007ii-00; Fri, 05 Apr 2002 18:41:21 -0500 Original-Received: from aztec.santafe.edu (aztec [192.12.12.49]) by pele.santafe.edu (8.11.6+Sun/8.9.3) with ESMTP id g35NfKa29355; Fri, 5 Apr 2002 16:41:20 -0700 (MST) Original-Received: (from rms@localhost) by aztec.santafe.edu (8.10.2+Sun/8.9.3) id g35NfKI19179; Fri, 5 Apr 2002 16:41:20 -0700 (MST) X-Authentication-Warning: aztec.santafe.edu: rms set sender to rms@aztec using -f Original-To: walters@debian.org In-Reply-To: <1017991836.27236.40.camel@space-ghost> (message from Colin Walters on 05 Apr 2002 02:30:36 -0500) Errors-To: emacs-devel-admin@gnu.org X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.0.8 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Emacs development discussions. List-Unsubscribe: , List-Archive: Xref: main.gmane.org gmane.emacs.devel:2401 X-Report-Spam: http://spam.gmane.org/gmane.emacs.devel:2401 On the other hand, I've realized it's a good idea to put the actual username (or at least the uid) into the score lines, so if someone is using it to store a substantial amount of data, then it will be blatantly obvious who is doing it. yes. With the uid, it doesn't need any other name info. Beyond that, there could be a limit of 1k bytes per user.