Re: temp file hole?

emacs-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: temp file hole?

From:	Stefan Monnier
Subject:	Re: temp file hole?
Date:	Fri, 05 Oct 2007 09:15:11 -0400
User-agent:	Gnus/5.11 (Gnus v5.11) Emacs/23.0.50 (gnu/linux)

>> I'm afraid that the recent change to tramp-make-temp-file to use
>> makw-temp-name instead of make-temp-file introduced a security hole (the
>> very hole plugged by the introduction of make-temp-file in the first place).

> I confess that my Changelog entry is a little bit sloppy. And you are
> right, there could be a security hole.

Indeed, I also looked at the code, and I'm pretty sure there's
a security hole.

> The other reason why I have switched from make-temp-file to
> make-temp-name is that make-temp-file creates a file without the
> possibility to declare a file name extension. In Tramp, it is

Then please use make-temp-file when the SUFFIX arg is available, so at least
the security hole is plugged in Emacs-22.


        Stefan

[Prev in Thread]

Current Thread

[Next in Thread]

temp file hole?, Stefan Monnier, 2007/10/03
- Re: temp file hole?, Michael Albinus, 2007/10/04
  - Re: temp file hole?, Johan Bockgård, 2007/10/04
  - Re: temp file hole?, Michael Albinus, 2007/10/04
  - Re: temp file hole?, Ulrich Mueller, 2007/10/05
    - Re: temp file hole?, Michael Albinus, 2007/10/05
    - Re: temp file hole?, Michael Albinus, 2007/10/06
    - Re: temp file hole?, Ulrich Mueller, 2007/10/12
    - Re: temp file hole?, Michael Albinus, 2007/10/12
  - Re: temp file hole?, Stefan Monnier <=
    - Re: temp file hole?, Michael Albinus, 2007/10/06

Prev by Date: Re: current CVS fails
Next by Date: Re: Don't use mark_vectorlike for bool vectors
Previous by thread: Re: temp file hole?
Next by thread: Re: temp file hole?
Index(es):
- Date
- Thread