From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Glenn Morris Newsgroups: gmane.emacs.bugs Subject: bug#17428: Bug#747100: emacs23: Insecure use of temporary files in included lisp libraries/packages Date: Tue, 06 May 2014 23:48:28 -0400 Message-ID: <71mweul04z.fsf@fencepost.gnu.org> References: <20140505143834.GA5032@steve.org.uk> <87r4466yxs.fsf@trouble.defaultvalue.org> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: ger.gmane.org 1399434560 30506 80.91.229.3 (7 May 2014 03:49:20 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Wed, 7 May 2014 03:49:20 +0000 (UTC) Cc: Steve Kemp , 17428@debbugs.gnu.org To: Rob Browning Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Wed May 07 05:49:14 2014 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1Whsr3-00081g-K7 for geb-bug-gnu-emacs@m.gmane.org; Wed, 07 May 2014 05:49:13 +0200 Original-Received: from localhost ([::1]:38355 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Whsr0-0004RK-SQ for geb-bug-gnu-emacs@m.gmane.org; Tue, 06 May 2014 23:49:10 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:36612) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Whsqw-0004RD-Rq for bug-gnu-emacs@gnu.org; Tue, 06 May 2014 23:49:07 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Whsqs-0000po-US for bug-gnu-emacs@gnu.org; Tue, 06 May 2014 23:49:06 -0400 Original-Received: from debbugs.gnu.org ([140.186.70.43]:36033) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Whsqs-0000pa-Qn for bug-gnu-emacs@gnu.org; Tue, 06 May 2014 23:49:02 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.80) (envelope-from ) id 1Whsqs-0006VC-7R for bug-gnu-emacs@gnu.org; Tue, 06 May 2014 23:49:02 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Glenn Morris Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Wed, 07 May 2014 03:49:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 17428 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: Original-Received: via spool by 17428-submit@debbugs.gnu.org id=B17428.139943451324937 (code B ref 17428); Wed, 07 May 2014 03:49:02 +0000 Original-Received: (at 17428) by debbugs.gnu.org; 7 May 2014 03:48:33 +0000 Original-Received: from localhost ([127.0.0.1]:53384 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WhsqO-0006U9-WE for submit@debbugs.gnu.org; Tue, 06 May 2014 23:48:33 -0400 Original-Received: from fencepost.gnu.org ([208.118.235.10]:41902 ident=Debian-exim) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WhsqM-0006Tx-TW for 17428@debbugs.gnu.org; Tue, 06 May 2014 23:48:31 -0400 Original-Received: from rgm by fencepost.gnu.org with local (Exim 4.71) (envelope-from ) id 1WhsqL-0008FA-6B; Tue, 06 May 2014 23:48:29 -0400 X-Spook: RSA cracking rs9512c covert video Defcon airframe X-Ran: 'Hz^b2b2F% (Rob Browning's message of "Tue, 06 May 2014 22:38:07 -0500") User-Agent: Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-Received-From: 140.186.70.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.bugs:88722 Archived-At: >> lisp/gnus/gnus-fun.el: >> In the function `gnus-grab-cam-face` the file "/tmp/gnus.face.ppm" is >> used, blindly allowing the existing file to be truncated, and symlinks >> followed. http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00055.html >> lisp/emacs-lisp/find-gc.el: >> In the function `trace-call-tree` there are some horrific invocations >> of the csh, which manipulate the directory and symlinks beneath "/tmp/esrc". http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00056.html >> lisp/net/browse-url.el >> In the function `browse-url-mosaic` the file "/tmp/Mosaic.$PID" is blindly >> overwritten. Suspect this whole function is obsolete though :) Not an (Emacs) bug. http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00057.html >> lisp/net/tramp.el >> The function `tramp-uudecode`, a fallback if a real uudecoding binary >> is not present, blindly uses "/tmp/tramp.$PID", truncating and removing >> the file. http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00060.html