From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Andreas Schwab Newsgroups: gmane.emacs.devel Subject: Re: [Emacs-diffs] /srv/bzr/emacs/trunk r111747: * doc-view.el (doc-view-odf->pdf-converter-soffice): Use separate Date: Wed, 13 Feb 2013 00:43:05 +0100 Message-ID: References: NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: ger.gmane.org 1360712826 23062 80.91.229.3 (12 Feb 2013 23:47:06 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Tue, 12 Feb 2013 23:47:06 +0000 (UTC) Cc: emacs-devel@gnu.org, Tassilo Horn To: Stefan Monnier Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Wed Feb 13 00:47:27 2013 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1U5PZK-0007dH-6p for ged-emacs-devel@m.gmane.org; Wed, 13 Feb 2013 00:47:22 +0100 Original-Received: from localhost ([::1]:39007 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1U5PZ0-0004Ez-R6 for ged-emacs-devel@m.gmane.org; Tue, 12 Feb 2013 18:47:02 -0500 Original-Received: from eggs.gnu.org ([208.118.235.92]:34829) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1U5PVP-0003ep-K4 for emacs-devel@gnu.org; Tue, 12 Feb 2013 18:43:26 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1U5PVB-00006S-Vt for emacs-devel@gnu.org; Tue, 12 Feb 2013 18:43:09 -0500 Original-Received: from mail-out.m-online.net ([212.18.0.9]:50909) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1U5PVB-00005x-QB; Tue, 12 Feb 2013 18:43:05 -0500 Original-Received: from frontend1.mail.m-online.net (unknown [192.168.8.180]) by mail-out.m-online.net (Postfix) with ESMTP id 3Z5L5h1ZBZz4KK47; Wed, 13 Feb 2013 00:43:03 +0100 (CET) Original-Received: from localhost (dynscan1.mnet-online.de [192.168.6.68]) by mail.m-online.net (Postfix) with ESMTP id 3Z5L5g2yd4zbbgb; Wed, 13 Feb 2013 00:43:03 +0100 (CET) X-Virus-Scanned: amavisd-new at mnet-online.de Original-Received: from mail.mnet-online.de ([192.168.8.180]) by localhost (dynscan1.mail.m-online.net [192.168.6.68]) (amavisd-new, port 10024) with ESMTP id xkeS0stJNDFB; Wed, 13 Feb 2013 00:43:02 +0100 (CET) X-Auth-Info: gYhoWa5TEf8Arl75T3rau/RcGbU0mfTEqfPWXZNIjYE= Original-Received: from linux.local (ppp-88-217-111-245.dynamic.mnet-online.de [88.217.111.245]) by mail.mnet-online.de (Postfix) with ESMTPA; Wed, 13 Feb 2013 00:43:02 +0100 (CET) Original-Received: by linux.local (Postfix, from userid 501) id 26BEB1E564F; Wed, 13 Feb 2013 00:43:05 +0100 (CET) X-Yow: Yow! Are we in the perfect mood? In-Reply-To: (Stefan Monnier's message of "Tue, 12 Feb 2013 09:21:02 -0500") User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.2.93 (gnu/linux) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.4.x X-Received-From: 212.18.0.9 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:156992 Archived-At: Stefan Monnier writes: >> + ;; A workaround is to start soffice with a >> + ;; separate UserInstallation directory. >> + (concat "-env:UserInstallation=file://" >> + (expand-file-name (format "libreoffice-docview%d" (user-uid)) >> + temporary-file-directory)) > > I'm pretty sure there's some kind of race condition here that lets an > attacker on the same machine make you write files you didn't intend. It should be put in a directory like server.el and doc-view.el do. server-ensure-safe-dir and doc-view-make-safe-dir should probably be factored out into a generic function. Andreas. -- Andreas Schwab, schwab@linux-m68k.org GPG Key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5 "And now for something completely different."