[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#4291: 23.1; doc-view-mode temporary directory vulnerable to denial o
From: |
Stefan Monnier |
Subject: |
bug#4291: 23.1; doc-view-mode temporary directory vulnerable to denial of service |
Date: |
Mon, 31 Aug 2009 10:55:40 -0400 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/23.1.50 (gnu/linux) |
>> By default doc-view-mode makes a directory /tmp/docview$uid . Since
>> this is easily predictable, a malicious person could cause docview to
>> fail simply by creating a directory with the same name.
> Couldn't they do the same thing by simply filling /tmp with junk, no
> matter what filename is used?
Yes, tho it's a bit different: your case can be avoided by appropriate
use of quotas on /tmp (yes, I realize this is highly unlikely), and your
case cannot be obtained without impacting the system as a whole
(i.e. it's less discrete).
> (Emacs server also uses the same name every time AFAIK.)
Yes, and Emacs server needs this name to be predictable (an "ls /tmp"
shows that other services, such as `orbit', are similarly vulnerable).
IIRC /tmp/docview$uid is predictable because doc-view tries to reuse
previouly-rendered pages. I'm not convinced this is really a good
feature, but obviously the author thought it was important, so I'd
rather not drop it without a discussion.
Stefan