Re: Finalizing 'inhibit-automatic-native-compilation'

From: Tatsuya Kinoshita
Subject: Re: Finalizing 'inhibit-automatic-native-compilation'
Date: Sun, 19 Feb 2023 23:31:31 +0900 (JST)

On 2023-02-18 at 21:56 +0000, Andrea Corallo wrote:
> >> +            (expand-file-name
> >> +             (make-temp-file-internal (file-name-sans-extension 
> >> rel-filename)
> >> +                                      0 ".eln" nil)
> >> +             temporary-file-directory))))
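Review bot: with DIR-FLAG 0, make-temp-file-internal only constructs a name and does not create the file, so the .eln path built in this hunk is exposed to the same race as make-temp-name: between computing the name and the compiler writing the output, another local user can place a symlink at that path, and the write then follows it. An unpredictable name narrows the window but does not close it. Either call make-temp-file with the ".eln" SUFFIX so the file is created by the same call that picks the name, or create a private subdirectory with make-temp-file and DIR-FLAG t and put the .eln inside it.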
> >
> > Hmm, it seems using make-temp-file-internal with DIR-FLAG=0 which just
> > constructs a name and do not create the file like make-temp-name, so
> > there is a race condition as Stefan mentioned.  Is that really OK?
> Mmhh, Stefan mentioned the case where the tmp file name is predicted.
> Shouldn't make-temp-file-internal return a non predictable file name?
> Otherwise what's the point of using make-temp-file in the first place if
> the temporary name is predictable?

Imagine if a local attacker creates symlinks at the candidate names
before the file is created, even though the names are less predictable.

make-temp-name is described as follows:

> There is a race condition between calling `make-temp-name' and
> later creating the file, which opens all kinds of security holes.
> For that reason, you should normally use `make-temp-file' instead.

To create a temporary file in a secure fashion, use make-temp-file
to create a file, or use make-temp-file with DIR-FLAG to create a
subdirectory and then create a file in it.

Tatsuya Kinoshita
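The two patterns under discussion side by side, as an added Emacs Lisp example (not code from the thread or from the Emacs patch): the racy name-only construction from the quoted hunk, and the two safe alternatives named above, create the file with make-temp-file or create a private directory with DIR-FLAG t. The function names and the sample input path are assumptions made for the illustration.

```elisp
;; Added example, not from the thread.  `rel-filename' is a constructed
;; input such as "lisp/foo.el"; the example-* names are hypothetical.

(defun example-racy-eln-name (rel-filename)
  "Return a candidate .eln path WITHOUT creating anything.
DIR-FLAG 0 makes `make-temp-file-internal' behave like `make-temp-name':
it only builds a name.  Between this call and the later write, another
local user can plant a symlink at that name, so the write follows the link."
  (expand-file-name
   (make-temp-file-internal (file-name-sans-extension rel-filename)
                            0 ".eln" nil)
   temporary-file-directory))

(defun example-safe-eln-file (rel-filename)
  "Create an empty .eln temp file and return its path.
`make-temp-file' picks the name and creates the file in one step, with
restrictive permissions, so no window exists in which the name is free.
The PREFIX is expanded against `temporary-file-directory', hence only
the base name of REL-FILENAME is used."
  (make-temp-file (file-name-sans-extension
                   (file-name-nondirectory rel-filename))
                  nil ".eln"))

(defun example-safe-eln-in-private-dir (rel-filename)
  "Create a private temporary directory and return a .eln path inside it.
With DIR-FLAG t, `make-temp-file' creates a directory only the current
user can write to, so any name chosen inside it cannot be pre-created
by someone else, and the .eln name itself may stay predictable."
  (let ((dir (make-temp-file "native-comp-" t)))
    (expand-file-name (concat (file-name-sans-extension
                               (file-name-nondirectory rel-filename))
                              ".eln")
                      dir)))

;; Usage:
;;   (example-racy-eln-name "lisp/foo.el")        ; name only, racy
;;   (example-safe-eln-file "lisp/foo.el")        ; file exists on return
;;   (example-safe-eln-in-private-dir "lisp/foo.el") ; dir exists, file does not
```

The third variant fits a compiler that insists on writing its output by name: the caller owns the directory, so the output path inside it can be derived from the source name without reintroducing the race, and the directory is removed after the .eln has been moved to its final location.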

