From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Lars Magne Ingebrigtsen Newsgroups: gmane.emacs.bugs Subject: bug#4291: 23.1; doc-view-mode temporary directory vulnerable to denial of service Date: Tue, 12 Jul 2011 23:46:27 +0200 Message-ID: References: <1x7hwk3gis.fsf@fencepost.gnu.org> <7kzkkj897u.fsf@fencepost.gnu.org> NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: dough.gmane.org 1310507771 30160 80.91.229.12 (12 Jul 2011 21:56:11 GMT) X-Complaints-To: usenet@dough.gmane.org NNTP-Posting-Date: Tue, 12 Jul 2011 21:56:11 +0000 (UTC) Cc: David Bremner , 4291@debbugs.gnu.org To: Glenn Morris Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Tue Jul 12 23:56:06 2011 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([140.186.70.17]) by lo.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1Qgkw1-0008FA-4a for geb-bug-gnu-emacs@m.gmane.org; Tue, 12 Jul 2011 23:56:05 +0200 Original-Received: from localhost ([::1]:42220 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Qgkw0-00084T-5l for geb-bug-gnu-emacs@m.gmane.org; Tue, 12 Jul 2011 17:56:04 -0400 Original-Received: from eggs.gnu.org ([140.186.70.92]:34830) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1QgknL-0005jj-56 for bug-gnu-emacs@gnu.org; Tue, 12 Jul 2011 17:47:11 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1QgknG-0003Hg-KG for bug-gnu-emacs@gnu.org; Tue, 12 Jul 2011 17:47:06 -0400 Original-Received: from debbugs.gnu.org ([140.186.70.43]:45122) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1QgknG-0003Hc-AM for bug-gnu-emacs@gnu.org; Tue, 12 Jul 2011 17:47:02 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.69) (envelope-from ) id 1QgknF-0005vb-Lk; Tue, 12 Jul 2011 17:47:01 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Lars Magne Ingebrigtsen Original-Sender: debbugs-submit-bounces@debbugs.gnu.org Resent-To: owner@debbugs.gnu.org Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Tue, 12 Jul 2011 21:47:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 4291 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: Original-Received: via spool by 4291-submit@debbugs.gnu.org id=B4291.131050721522773 (code B ref 4291); Tue, 12 Jul 2011 21:47:01 +0000 Original-Received: (at 4291) by debbugs.gnu.org; 12 Jul 2011 21:46:55 +0000 Original-Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1Qgkn5-0005vC-1S for submit@debbugs.gnu.org; Tue, 12 Jul 2011 17:46:55 -0400 Original-Received: from hermes.netfonds.no ([80.91.224.195]) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1Qgkmz-0005uq-EG for 4291@debbugs.gnu.org; Tue, 12 Jul 2011 17:46:49 -0400 Original-Received: from cm-84.215.51.58.getinternet.no ([84.215.51.58] helo=quimbies.gnus.org) by hermes.netfonds.no with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.72) (envelope-from ) id 1Qgkmn-0006Tx-Ui; Tue, 12 Jul 2011 23:46:34 +0200 In-Reply-To: <7kzkkj897u.fsf@fencepost.gnu.org> (Glenn Morris's message of "Tue, 12 Jul 2011 17:44:53 -0400") User-Agent: Gnus/5.110018 (No Gnus v0.18) Emacs/24.0.50 (gnu/linux) Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAElBMVEUIAwpxY10wKCzTxbgN CA8GAQd30LQGAAACTElEQVQ4jVWTUW7sIAxFaQT/NaT/g8MsgPAWQFz3PxoN+99Kr0mnT7UUTYbD ta8NcdqdexDdhoQxg+7zx6k674m+nnhs4UkfB08AxRhh5E6FgY4aKBpA+HAK1bvkeh9L+hhHM9A9 H8y5Uh+PeH+mfYw3GucJ4DJRqkhz3M+jofSjjAHg3NEQVMr2vrX9snZOsKQKQDGtW/26AGp3dy6N OAGlNZpD7DdP3QVPOTKh0H5zbrZ5TmCSVonw7Nga3BVQnA+y8q1u1Z2QnJNpD8OTSY62VehdePYJ bmG8YXvUz5Yi6xdq+u502s2WR4+WVrXRKaY0wVu1GqqtddeDC/0FlpgpUdRctf8Y+gHFcrXc/nX3 B8xGLEpRy4/SegHnrkbwX7051fIClqhVrAh3NYEBU2OEmndLLipduQjeJZco1CIAYulApWScoCS0 7Vvc9jAMWCZTeE7w71lSdMP3xbzO4iqNj3pToRjC+R+oV8qpvQMwJm4A5FKk2YIBHN9jujWFAWqs EuUv8PMiUBE4Qa7HbyqXGm5PW2Hfzlv6HInZTatpVumCcZ6Xq8jWh+rW2s5OTtyFpWNdImFSXoqB 4pAKAKUZt8ws8IpGVgwNggvgRKc3/twJPsS+FZmCOgF21IKRsr0K1vMPELIzZaxwYQuiajVkqyih /Bv4kKx4P5K14f+umwKWYrQVHDiTJXopGkqjp5dirjOAXmCfWeIFMBLcJACP4U9wlcCr2QVw5XIV J7B6Bra9aLTKL4Z+1KZwAGxzdq+Yd/gCR/mVWCLVb78PtK9uKqCIAAAAAElFTkSuQmCC X-Now-Playing: Peter Gabriel's _Plays Live (2)_: "San Jacinto" X-Hashcash: 1:23:110712:bremner-dated-1252800134.2fccb3@pivot.cs.unb.ca::N2DSRToN/FZgQ6f/:000000000000008GxI X-Hashcash: 1:23:110712:monnier@iro.umontreal.ca::rVj+uKpQrWlPH5sE:0000000000000000000000000000000000000WP9I X-Hashcash: 1:23:110712:4291@debbugs.gnu.org::CSpvu6XZZgQ5LzRP:00000000000000000000000000000000000000000Ql6k X-Hashcash: 1:23:110712:rgm@gnu.org::eljX2xxrBNNkjvYL:000001Y2qe X-MailScanner-ID: 1Qgkmn-0006Tx-Ui MailScanner-NULL-Check: 1311111994.04031@Fqwa/Z3+Abll+Ha5VAvNjA X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list Resent-Date: Tue, 12 Jul 2011 17:47:01 -0400 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 3) X-Received-From: 140.186.70.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.bugs:48796 Archived-At: Glenn Morris writes: >>> IIRC /tmp/docview$uid is predictable because doc-view tries to reuse >>> previouly-rendered pages. I'm not convinced this is really a good >>> feature, but obviously the author thought it was important, so I'd >>> rather not drop it without a discussion. >> >> It could just stash the directory name in a variable, and use the normal >> `make-temp-file' to create the directory, couldn't it? > > I think the idea referred to above is to potentially re-use pages > converted by a previous Emacs instance (which seems like a bad feature > to me too). Oh, I see. Hm. Sounds like a bad idea to me, too. :-) -- (domestic pets only, the antidote for overdose, milk.) bloggy blog http://lars.ingebrigtsen.no/