bug#17428: Bug#747100: emacs23: Insecure use of temporary files in inclu
From: Glenn Morris
Subject: bug#17428: Bug#747100: emacs23: Insecure use of temporary files in included lisp libraries/packages
Date: Tue, 06 May 2014 23:48:28 -0400
User-agent: Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/)
>> lisp/gnus/gnus-fun.el:
>> In the function `gnus-grab-cam-face` the file "/tmp/gnus.face.ppm" is
>> used, blindly allowing the existing file to be truncated, and symlinks
>> followed.
http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00055.html
>> lisp/emacs-lisp/find-gc.el:
>> In the function `trace-call-tree` there are some horrific invocations
>> of the csh, which manipulate the directory and symlinks beneath "/tmp/esrc".
http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00056.html
>> lisp/net/browse-url.el
>> In the function `browse-url-mosaic` the file "/tmp/Mosaic.$PID" is blindly
>> overwritten. Suspect this whole function is obsolete though :)
Not an (Emacs) bug.
http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00057.html
>> lisp/net/tramp.el
>> The function `tramp-uudecode`, a fallback if a real uudecoding binary
>> is not present, blindly uses "/tmp/tramp.$PID", truncating and removing
>> the file.
http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00060.html
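
The fixed-name pattern reported above next to two safer ones, as an added Emacs Lisp example that is not part of the original message and is not the code from the linked commits. Every `demo-*` name is hypothetical, and a scratch directory with a constructed symlink stands in for `/tmp`.

```elisp
;;; -*- lexical-binding: t -*-
;; Added example; not code from Emacs or from the commits linked above.
;; Every demo-* name is hypothetical. Only a scratch directory is touched.

(defun demo-write-fixed (path text)
  "Pattern from the report: write TEXT to the fixed name PATH.
An existing file is truncated and a symlink at PATH is followed."
  (write-region text nil path nil 'silent))

(defun demo-write-excl (path text)
  "Write TEXT to PATH only if nothing exists there.
MUSTBENEW = `excl' makes `write-region' signal a `file-error' instead."
  (write-region text nil path nil 'silent nil 'excl))

(defun demo-write-fresh (prefix text)
  "Hardened pattern: `make-temp-file' creates a new, uniquely named file.
Return the name of the file that received TEXT."
  (let ((file (make-temp-file prefix)))
    (write-region text nil file nil 'silent)
    file))

(defun demo-read (file)
  "Return the contents of FILE as a string."
  (with-temp-buffer (insert-file-contents file) (buffer-string)))

(defun demo-run ()
  "Compare the three patterns; return a plist of observations."
  (let* ((dir (make-temp-file "demo-tmp" t))          ; stands in for /tmp
         (other (expand-file-name "other-users-file" dir))
         (fixed (expand-file-name "gnus.face.ppm" dir))
         fresh)
    (unwind-protect
        (progn
          (write-region "keep me" nil other nil 'silent)
          (make-symbolic-link other fixed)   ; constructed pre-existing link
          (list :excl-refused
                (condition-case nil
                    (progn (demo-write-excl fixed "image") nil)
                  (file-error t))
                :fresh-is-new-file
                (progn (setq fresh (demo-write-fresh "gnus.face" "image"))
                       (not (file-symlink-p fresh)))
                :other-intact-before-fixed-write
                (equal (demo-read other) "keep me")
                :other-clobbered-by-fixed-write
                (progn (demo-write-fixed fixed "image")
                       (equal (demo-read other) "image"))))
      (when fresh (delete-file fresh))
      (delete-directory dir t))))
```

Evaluating `(demo-run)`, for example under `emacs --batch`, returns the plist of observations; the scratch directory and the fresh temporary file are removed afterwards.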