emacs-devel

many packages write to `temporary-file-directory' insecurely


From: Colin Walters
Subject: many packages write to `temporary-file-directory' insecurely
Date: 28 Feb 2002 20:15:51 -0500

Hi,

I discovered a security problem with M-x snake, and a number of other
packages. For example, snake writes "snake-scores" to
`temporary-file-directory' (which defaults to /tmp on my system).  If an
attacker creates a symlink /tmp/snake-scores -> /home/luser/.bashrc, and
"luser" later runs M-x snake, then their .bashrc will be happily
overwritten with their snake scores.  Try it.

After a quick grep through the Emacs source, terminal.el looks like it
does something similar in the function `te-create-terminfo'.  And eshell
appears to use `make-temp-name' insecurely in the function
`eshell-parse-variable-ref', although it is difficult to follow the
code.  And there are a number of others that I haven't investigated too
closely.  Calc was creating a temporary gnuplot file insecurely; I've
just fixed it.  These all *must* be fixed.

I gather that there have been reports about this problem in the past,
and this was the reason `make-temp-file' was introduced to replace
`make-temp-name'.  If you maintain a package that creates temporary
files, please make sure you are using `make-temp-file'!



