[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: many packages write to `temporary-file-directory' insecurely
From: |
Stefan Monnier |
Subject: |
Re: many packages write to `temporary-file-directory' insecurely |
Date: |
Tue, 05 Mar 2002 10:15:50 -0500 |
> My solution is to first write the scores securely into a temp file and
> then move it to the desired place. This is safe, because if someone
> has made the destination filename a symbolic link, then the rename
> system call removes the link, rather than overwriting the linked-to file.
The idea is alright, but:
> This requires storing the file in a subdirectory of /tmp that is
> world-writable without restriction, as opposed to /tmp itself, which
> normally has its sticky bit set, thus forbidding people from deleting
> others' files or renaming over them.
This creates another problem, which comes from the fact that Emacs does
not have the notion of file descriptor: an attacker can change the
temp file into a symlink between the call to make-temp-file and the call
to write-region.
I really think it's better to require that the parent directory
of the file we're writing to is only writable by ourselves and/or
by root.
Stefan
- Re: many packages write to `temporary-file-directory' insecurely, Pavel Janík, 2002/03/02
- Re: many packages write to `temporary-file-directory' insecurely, Colin Walters, 2002/03/02
- Re: many packages write to `temporary-file-directory' insecurely, Pavel Janík, 2002/03/02
- Re: many packages write to `temporary-file-directory' insecurely, Stefan Monnier, 2002/03/03
- Re: many packages write to `temporary-file-directory' insecurely, Al Petrofsky, 2002/03/03
- Re: many packages write to `temporary-file-directory' insecurely, Stefan Monnier, 2002/03/03
- Re: many packages write to `temporary-file-directory' insecurely, Richard Stallman, 2002/03/04
- Re: many packages write to `temporary-file-directory' insecurely, Al Petrofsky, 2002/03/04
- Re: many packages write to `temporary-file-directory' insecurely,
Stefan Monnier <=
- Re: many packages write to `temporary-file-directory' insecurely, Al Petrofsky, 2002/03/05
- Re: many packages write to `temporary-file-directory' insecurely, Richard Stallman, 2002/03/05
- Re: many packages write to `temporary-file-directory' insecurely, Richard Stallman, 2002/03/04
- Re: many packages write to `temporary-file-directory' insecurely, Colin Walters, 2002/03/04
- Re: many packages write to `temporary-file-directory' insecurely, Andreas Schwab, 2002/03/05
- Re: many packages write to `temporary-file-directory' insecurely, Stefan Monnier, 2002/03/05
- Re: many packages write to `temporary-file-directory' insecurely, Richard Stallman, 2002/03/05
- Re: many packages write to `temporary-file-directory' insecurely, Colin Walters, 2002/03/05
- Re: many packages write to `temporary-file-directory' insecurely, Colin Walters, 2002/03/06
- Re: many packages write to `temporary-file-directory' insecurely, Stefan Monnier, 2002/03/06