Re: many packages write to `temporary-file-directory' insecurely

From: Colin Walters
Subject: Re: many packages write to `temporary-file-directory' insecurely
Date: 05 Apr 2002 02:30:36 -0500

On Sat, 2002-03-30 at 20:24, Richard Stallman wrote:
>     My concern is that since Emacs is often used on large, multiuser
>     systems, many of which use disk quotas, a setgid program without any
>     limits on the files it creates would be a way for users to get around
>     their disk quotas.  
> One solution for that is to limit the format of the data
> that goes in the file so as to specialize it for game scores.

Well, I guess what bugs me about this is presumably people will want to
have at least their names and/or email addresses in there, and I don't
see how to restrict the "format" of the data such that its total size is

On the other hand, I've realized it's a good idea to put the actual
username (or at least the uid) into the score lines, so if someone is
using it to store a substantial amount of data, then it will be
blatantly obvious who is doing it.

By the way, I'm almost done with the autoconf magic necessary to support
this; it's been a bit more painful than I thought.
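
Added example, not part of the original message or of Emacs: a sketch in C of the two ideas discussed above, a score-line format with a hard size cap and a uid field taken from the real uid of the invoking user. The function names, the field order and the caps MAX_NOTE and MAX_LINE are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define MAX_NOTE 48   /* assumed cap on the free-text field (name, address) */
#define MAX_LINE 96   /* assumed cap on one whole score line */

/* Build one score line "<score> <uid> <note>\n" into out.
 * Returns the line length, or -1 if the entry is rejected. */
int format_score_line(char *out, size_t outsz, uid_t uid,
                      long score, const char *note)
{
    size_t n = strlen(note);
    if (n == 0 || n > MAX_NOTE || score < 0)
        return -1;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)note[i];
        /* Printable ASCII only: with no newline allowed, one call can
         * never write more than one line. */
        if (c < 0x20 || c > 0x7e)
            return -1;
    }
    int len = snprintf(out, outsz, "%ld %lu %s\n",
                       score, (unsigned long)uid, note);
    /* Reject truncated output and anything over the per-line cap. */
    if (len < 0 || (size_t)len >= outsz || len > MAX_LINE)
        return -1;
    return len;
}

/* Entry point a setgid helper would use: the uid field comes from
 * getuid(), the real uid of the invoking user, never from user input,
 * so every line in the shared file names the account that wrote it. */
int format_own_score_line(char *out, size_t outsz,
                          long score, const char *note)
{
    return format_score_line(out, outsz, getuid(), score, note);
}
```

The per-line cap bounds how much one entry can store; bounding the file as a whole would also need a limit on the number of lines kept, which this sketch leaves out.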
