[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#4291: 23.1; doc-view-mode temporary directory vulnerable to denial o

From: Stefan Monnier
Subject: bug#4291: 23.1; doc-view-mode temporary directory vulnerable to denial of service
Date: Mon, 31 Aug 2009 10:55:40 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/23.1.50 (gnu/linux)

>> By default doc-view-mode makes a directory /tmp/docview$uid .  Since
>> this is easily predictable, a malicious person could cause docview to
>> fail simply by creating a directory with the same name.
> Couldn't they do the same thing by simply filling /tmp with junk, no
> matter what filename is used?

Yes, tho it's a bit different: your case can be avoided by appropriate
use of quotas on /tmp (yes, I realize this is highly unlikely), and your
case cannot be obtained without impacting the system as a whole
(i.e. it's less discrete).

> (Emacs server also uses the same name every time AFAIK.)

Yes, and Emacs server needs this name to be predictable (an "ls /tmp"
shows that other services, such as `orbit', are similarly vulnerable).

IIRC /tmp/docview$uid is predictable because doc-view tries to reuse
previouly-rendered pages.  I'm not convinced this is really a good
feature, but obviously the author thought it was important, so I'd
rather not drop it without a discussion.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]