temp file hole?
From: Stefan Monnier
Subject: temp file hole?
Date: Wed, 03 Oct 2007 19:38:27 -0400
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/23.0.50 (gnu/linux)

I'm afraid that the recent change to tramp-make-temp-file to use
make-temp-name instead of make-temp-file introduced a security hole (the
very hole plugged by the introduction of make-temp-file in the first place).

I.e. if you want to keep using make-temp-name, please justify with comments
why your code is not vulnerable to the usual temp-file race condition
which goes something like:

1- Tramp decides to use /tmp/foo1234 as temp file.
2- some attacker creates a symlink from /tmp/foo1234 to some interesting place.
3- Tramp writes to /tmp/foo1234 without realizing that it's actually writing
   to the interesting place through that symlink.

The make-temp-name docstring also says:

    There is a race condition between calling `make-temp-name' and creating the
    file which opens all kinds of security holes.  For that reason, you should
    probably use `make-temp-file' instead, except in three circumstances:

    * If you are creating the file in the user's home directory.
    * If you are creating a directory rather than an ordinary file.
    * If you are taking special precautions as `make-temp-file' does.

-- Stefan
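
The race in steps 1-3 of the message above, reproduced entirely inside a private scratch directory, as an added Emacs Lisp example (not part of the original message and not Tramp's code). The `demo-` function names are hypothetical; the example contrasts a plain `write-region` to a `make-temp-name` result with an exclusive create through the `excl` value of `write-region`'s MUSTBENEW argument, which is one way of taking the "special precautions" the docstring refers to.

```elisp
;;; -*- lexical-binding: t -*-
;; Added example.  Run with: emacs --batch -l this-file.el
;; All files are created inside a scratch directory that is removed at the end.

(defun demo-write-predictable (file text)
  "Unsafe pattern: write TEXT to FILE, following any symlink already there."
  (write-region text nil file nil 'silent))

(defun demo-write-exclusive (file text)
  "Safe pattern: create FILE exclusively (O_EXCL semantics).
Return t on success, nil if FILE already exists, even as a dangling symlink."
  (condition-case nil
      (progn (write-region text nil file nil 'silent nil 'excl) t)
    (file-already-exists nil)))

(defun demo-run ()
  "Replay steps 1-3 in a sandbox.
Return (UNSAFE-HIT (EXCL-CREATED EXCL-HIT)), where the HIT flags say whether
the write ended up creating the symlink's target."
  (let* ((sandbox (make-temp-file "tmprace-demo" t)) ; t = make a directory
         (target (expand-file-name "interesting-place" sandbox))
         ;; Step 1: a name is chosen, but nothing is created yet.
         (name (make-temp-name (expand-file-name "foo" sandbox)))
         unsafe safe)
    (unwind-protect
        (progn
          ;; Step 2 (simulated): the name is taken by a symlink in the gap.
          (make-symbolic-link target name)
          ;; Step 3: the plain write goes through the symlink.
          (demo-write-predictable name "data")
          (setq unsafe (file-exists-p target))
          (delete-file target)
          ;; Same situation, but the create refuses a pre-existing name.
          (setq safe (list (demo-write-exclusive name "data")
                           (file-exists-p target)))
          (list unsafe safe))
      (delete-directory sandbox t))))

(message "%S" (demo-run))
```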