[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Remote temporary directory

From: Stefan Monnier
Subject: Re: Remote temporary directory
Date: Sun, 31 Jul 2016 10:19:03 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1.50 (gnu/linux)

>> This said, there are some non-trivial security issues at stake here:
>> make-temp-file should usually only be used in directories which are
>> either only writable by "trusted" users (i.e. only by the current user),
>> or which have the magical "sticky" bit set.  So using just any writable
>> "nearby" directory is generally unsafe.
> I agree. But `make-temp-file' does not check:
> (let ((temporary-file-directory "~/")) (make-temp-file "tmp"))
> => "/home/albinus/tmp17866D3i"

No, indeed, it's hard to check it reliably.  So instead make-temp-file
relies on temporary-file-directory having a sane value.

> It will be even harder to fulfill this in the remote case.

Exactly.  And for make-nearby-temp-file the intention to save "nearby"
(in the same mount point so that `rename' works "atomically".  On AFS
file-systems this basically mean it can only be in the *same* directory)
might be impossible to satisfy while still using a safe directory.

> Shall we add
> an optional argument SAVE-DIR-ONLY to `make-temp-file' /
You mean               safe   ?

> `make-nearby-temp-file'?  If non-nil, the checks above are performed.

I don't know how to implement those checks in a robust way.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]