[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: many packages write to `temporary-file-directory' insecurely
From: |
Colin Walters |
Subject: |
Re: many packages write to `temporary-file-directory' insecurely |
Date: |
05 Apr 2002 02:30:36 -0500 |
On Sat, 2002-03-30 at 20:24, Richard Stallman wrote:
> My concern is that since Emacs is often used on large, multiuser
> systems, many of which use disk quotas, a setgid program without any
> limits on the files it creates would be a way for users to get around
> their disk quotas.
>
> One solution for that is to limit the format of the data
> that goes in the file so as to specialize it for game scores.
Well, I guess what bugs me about this is presumably people will want to
have at least their names and/or email addresses in there, and I don't
see how to restrict the "format" of the data such that its total size is
limited.
On the other hand, I've realized it's a good idea to put the actual
username (or at least the uid) into the score lines, so if someone is
using it to store a substantial amount of data, then it will be
blatantly obvious who is doing it.
By the way, I'm almost done with the autoconf magic necessary to support
this; it's been a bit more painful than I thought.
- Re: many packages write to `temporary-file-directory' insecurely,
Colin Walters <=