[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: many packages write to `temporary-file-directory' insecurely

From: Richard Stallman
Subject: Re: many packages write to `temporary-file-directory' insecurely
Date: Fri, 8 Mar 2002 02:08:06 -0700 (MST)

    +           (choices (list "/var/games/emacs" "/var/games"
    +                          temporary-file-directory)))
    +       (while (and (not ret) (setq choice (car choices)))
    +         (when (and (eq (car (file-attributes choice)) t)
    +                    (file-writable-p choice))
    +           (setq ret choice))

The game-state-directory should not be world-writable.  If it is
world-writable, it will have the same security problem as /tmp, except
worse if it does not have the sticky bit--make-temp-file won't
be reliable in that case.

One way to solve this problem is by having Emacs installation create
the desired files under /var/games/emacs, make them world-writable,
and make /var/games/emacs read-only.

Does anyone see a better way?

reply via email to

[Prev in Thread] Current Thread [Next in Thread]