From: Eric Schulte
To: Glenn Morris
Cc: 17416@debbugs.gnu.org, Eric Schulte
Newsgroups: gmane.emacs.bugs
Subject: bug#17416: [O] bug#17416: insecure temp files in ob-screen.el
Date: Thu, 08 May 2014 12:20:23 -0600
Message-ID: <87a9asku8o.fsf@gmail.com>

Glenn Morris writes:

> Eric Schulte wrote:
>
>>> org-babel-screen-session-write-temp-file and org-babel-screen-test seem
>>> to use predictable temp-file names, which is a security issue. Using
>>> `make-temp-file', or if the file names really need to be predictable,
>>> something equivalent to `doc-view-make-safe-dir' (there should really be
>>> a general utility function for this IMO) to first create a /tmp
>>> subdirectory would avoid this.
>>
>> I just pushed up a fix for this issue. Thanks,
>
> If you mean
>
> http://orgmode.org/cgit.cgi/org-mode.git/commit/?id=fea672d30ef4701721c0d4aa70462760a6b21be7
>
> then there's still org-babel-screen-test.
>

Fixed.

>
> (These are definitely fixes that need merging into the emacs-24 branch.
> IIUC this means they need to be in your maint branch?)

Cherrypicked into maint.

Thanks,

-- 
Eric Schulte
https://cs.unm.edu/~eschulte
PGP: 0x614CA05D
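
The two remedies suggested in the quoted report, sketched in Emacs Lisp as an added example (this is not the ob-screen.el code or the fix that was pushed): a predictable /tmp name beside `make-temp-file`, and a private-directory check in the spirit of `doc-view-make-safe-dir` for when the file name has to stay predictable. All `my-` function names and the "my-screen" prefixes are hypothetical.

```elisp
;;; -*- lexical-binding: t -*-
;; Added illustration; every my-* name is hypothetical, not from ob-screen.el.

;; Weak: the path is fixed, so another local user can create it first
;; (for example as a symlink) and the write follows whatever is there.
(defun my-write-tmp-predictable (body)
  (let ((file (expand-file-name "my-screen-input" temporary-file-directory)))
    (with-temp-file file (insert body))
    file))

;; Hardened: `make-temp-file' picks an unused random name and creates the
;; file itself, owner-only, before returning the name.
(defun my-write-tmp-safe (body)
  (let ((file (make-temp-file "my-screen-")))
    (with-temp-file file (insert body))
    file))

;; When the file name must be predictable: put it in a directory that
;; only the current user can write to, and refuse anything else.
(defun my-make-safe-dir (dir)
  "Create DIR with mode 0700, or verify that an existing DIR is safe."
  (condition-case nil
      (let ((umask (default-file-modes)))
        (unwind-protect
            (progn (set-default-file-modes #o700)
                   (make-directory dir))
          (set-default-file-modes umask)))
    (file-already-exists
     ;; `file-attributes' does not follow symlinks: element 0 is t only
     ;; for a real directory, element 2 is the owner's uid.
     (let ((attrs (file-attributes dir 'integer)))
       (unless (and (eq (nth 0 attrs) t)
                    (= (nth 2 attrs) (user-uid))
                    (zerop (logand (file-modes dir) #o077)))
         (error "Unsafe temp directory: %s" dir)))))
  dir)

(defun my-write-tmp-named (name body)
  "Write BODY to the fixed file NAME inside a per-user private directory."
  (let* ((dir (my-make-safe-dir
               (expand-file-name (format "my-screen-%d" (user-uid))
                                 temporary-file-directory)))
         (file (expand-file-name name dir)))
    (with-temp-file file (insert body))
    file))
```

If another user has already created the per-user directory, `my-make-safe-dir` signals an error instead of writing into it, so the worst outcome is a refused write rather than a redirected one.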