bug-gnu-emacs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#17428: Bug#747100: emacs23: Insecure use of temporary files in inclu

From: Glenn Morris
Subject: bug#17428: Bug#747100: emacs23: Insecure use of temporary files in included lisp libraries/packages
Date: Tue, 06 May 2014 23:48:28 -0400
User-agent: Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/) 
>> lisp/gnus/gnus-fun.el:
>>   In the function `gnus-grab-cam-face` the file "/tmp/gnus.face.ppm" is
>>  used, blindly allowing the existing file to be truncated, and symlinks
>>  followed.

http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00055.html

>> lisp/emacs-lisp/find-gc.el:
>>   In the function `trace-call-tree` there are some horrific invocations
>>  of the csh, which manipulate the directory and symlinks beneath "/tmp/esrc".

http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00056.html

>> lisp/net/browse-url.el
>>   In the function `browse-url-mosaic` the file "/tmp/Mosaic.$PID" is blindly
>>  overwritten.  Suspect this whole function is obsolete though :)

Not an (Emacs) bug.

http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00057.html

>> lisp/net/tramp.el
>>   The function `tramp-uudecode`, a fallback if a real uudecoding binary
>>  is not present, blindly uses "/tmp/tramp.$PID", truncating and removing
>>  the file.

http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00060.html
reply via email to
[Prev in Thread] Current Thread [Next in Thread]