[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: many packages write to `temporary-file-directory' insecurely
From: |
Colin Walters |
Subject: |
Re: many packages write to `temporary-file-directory' insecurely |
Date: |
17 Mar 2002 17:08:01 -0500 |
On Mon, 2002-03-11 at 04:01, Richard Stallman wrote:
> > One way to solve this problem is by having Emacs installation create
> > the desired files under /var/games/emacs, make them world-writable,
> > and make /var/games/emacs read-only.
>
> The problem I see with this is that we can't use `rename-file', and thus
> we lose atomicity of score file updates. If multiple users are
> concurrently reading and writing the same file, it will eventually be
> corrupted.
>
> You are right.
>
> How do other game programs handle this?
Well, from a selection of the games I looked at in the Debian "games"
section, none of them seem to make any attempt to handle it at all. In
the "xjewel" source, in "hscore.c", there are empty methods like:
void File_Lock()
{
}
void File_Unlock()
{
}
...which apparently the author was going to fill in later. The
"conquest" game mmap()s the score file, which has the same problems.
And the "lbreakout2" game just uses read and write.
Really, I can't see a way to solve this without using some locking
mechanism. But that has its own problems, e.g. what to do if a
malicious user locks the file and never unlocks it?
My gut feeling is that it really would be best to go with
~/.emacs.d/games or so.
- Re: many packages write to `temporary-file-directory' insecurely, (continued)
- Re: many packages write to `temporary-file-directory' insecurely, Richard Stallman, 2002/03/05
- Re: many packages write to `temporary-file-directory' insecurely, Colin Walters, 2002/03/05
- Re: many packages write to `temporary-file-directory' insecurely, Colin Walters, 2002/03/06
- Re: many packages write to `temporary-file-directory' insecurely, Stefan Monnier, 2002/03/06
- Re: many packages write to `temporary-file-directory' insecurely, Colin Walters, 2002/03/06
- Re: many packages write to `temporary-file-directory' insecurely, Eli Zaretskii, 2002/03/07
- Re: many packages write to `temporary-file-directory' insecurely, Richard Stallman, 2002/03/08
- Re: many packages write to `temporary-file-directory' insecurely, Richard Stallman, 2002/03/08
- Re: many packages write to `temporary-file-directory' insecurely, Colin Walters, 2002/03/10
- Re: many packages write to `temporary-file-directory' insecurely, Richard Stallman, 2002/03/11
- Re: many packages write to `temporary-file-directory' insecurely,
Colin Walters <=
- Re: many packages write to `temporary-file-directory' insecurely, Richard Stallman, 2002/03/18
- Re: many packages write to `temporary-file-directory' insecurely, Colin Walters, 2002/03/18
- Re: many packages write to `temporary-file-directory' insecurely, Steve Kemp, 2002/03/18
- Re: many packages write to `temporary-file-directory' insecurely, Colin Walters, 2002/03/18
- Re: many packages write to `temporary-file-directory' insecurely, Pavel JanÃk, 2002/03/19
- Re: many packages write to `temporary-file-directory' insecurely, Richard Stallman, 2002/03/20
- Re: many packages write to `temporary-file-directory' insecurely, Colin Walters, 2002/03/27
- Re: many packages write to `temporary-file-directory' insecurely, Richard Stallman, 2002/03/30
- Re: many packages write to `temporary-file-directory' insecurely, Stefan Monnier, 2002/03/06
- Re: many packages write to `temporary-file-directory' insecurely, Colin Walters, 2002/03/06