|
From: | Glenn Morris |
Subject: | bug#4291: 23.1; doc-view-mode temporary directory vulnerable to denial of service |
Date: | Sun, 30 Aug 2009 21:42:51 -0400 |
User-agent: | Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/) |
David Bremner wrote: > By default doc-view-mode makes a directory /tmp/docview$uid . Since > this is easily predictable, a malicious person could cause docview to > fail simply by creating a directory with the same name. Couldn't they do the same thing by simply filling /tmp with junk, no matter what filename is used? (Emacs server also uses the same name every time AFAIK.)
[Prev in Thread] | Current Thread | [Next in Thread] |