From unknown Sat Sep 20 10:23:52 2025 X-Loop: help-debbugs@gnu.org Subject: bug#17415: insecure temp file in tramp-uudecode Resent-From: Glenn Morris Original-Sender: "Debbugs-submit" Resent-CC: michael.albinus@gmx.de, bug-gnu-emacs@gnu.org Resent-Date: Tue, 06 May 2014 04:01:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 17415 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: security To: 17415@debbugs.gnu.org Cc: michael.albinus@gmx.de X-Debbugs-Original-To: submit@debbugs.gnu.org X-Debbugs-Original-Xcc: michael.albinus@gmx.de Received: via spool by submit@debbugs.gnu.org id=B.139934881220045 (code B ref -1); Tue, 06 May 2014 04:01:02 +0000 Received: (at submit) by debbugs.gnu.org; 6 May 2014 04:00:12 +0000 Received: from localhost ([127.0.0.1]:52225 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WhWY7-0005DD-W1 for submit@debbugs.gnu.org; Tue, 06 May 2014 00:00:12 -0400 Received: from fencepost.gnu.org ([208.118.235.10]:42855 ident=Debian-exim) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WhWY5-0005D2-4s for submit@debbugs.gnu.org; Tue, 06 May 2014 00:00:10 -0400 Received: from rgm by fencepost.gnu.org with local (Exim 4.71) (envelope-from ) id 1WhWY2-0008DC-Sh; Tue, 06 May 2014 00:00:07 -0400 From: Glenn Morris X-Spook: Exon Shell bce Vickie Weaver cracking Kosovo encryption X-Ran: \}NXo5'{*{S-g"RE&[1TpT-uMDfvh\iKFB>$!enM&gh}3 X-Hue: cyan X-Attribution: GM Date: Tue, 06 May 2014 00:00:06 -0400 Message-ID: User-Agent: Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Spam-Score: -5.7 (-----) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.7 (-----) Package: emacs Version: 24.3.90 Severity: important Tags: security http://bugs.debian.org/747100 points out that tramp-uudecode (now defined tramp-sh.el) uses a predictable temp-file name. From unknown Sat Sep 20 10:23:52 2025 MIME-Version: 1.0 X-Mailer: MIME-tools 5.503 (Entity 5.503) X-Loop: help-debbugs@gnu.org From: help-debbugs@gnu.org (GNU bug Tracking System) To: Glenn Morris Subject: bug#17415: closed (Re: bug#17415: insecure temp file in tramp-uudecode) Message-ID: References: <877g5zgrnk.fsf@gmx.de> X-Gnu-PR-Message: they-closed 17415 X-Gnu-PR-Package: emacs X-Gnu-PR-Keywords: security Reply-To: 17415@debbugs.gnu.org Date: Tue, 06 May 2014 09:54:03 +0000 Content-Type: multipart/mixed; boundary="----------=_1399370043-30508-1" This is a multi-part message in MIME format... ------------=_1399370043-30508-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Your bug report #17415: insecure temp file in tramp-uudecode which was filed against the emacs package, has been closed. The explanation is attached below, along with your original report. If you require more details, please reply to 17415@debbugs.gnu.org. --=20 17415: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D17415 GNU Bug Tracking System Contact help-debbugs@gnu.org with problems ------------=_1399370043-30508-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 17415-done) by debbugs.gnu.org; 6 May 2014 09:53:17 +0000 Received: from localhost ([127.0.0.1]:52373 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Whc3p-0007uz-6P for submit@debbugs.gnu.org; Tue, 06 May 2014 05:53:17 -0400 Received: from mout.gmx.net ([212.227.15.18]:62838) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Whc3m-0007uh-CK for 17415-done@debbugs.gnu.org; Tue, 06 May 2014 05:53:15 -0400 Received: from detlef.gmx.de ([87.146.42.85]) by mail.gmx.com (mrgmx003) with ESMTPSA (Nemesis) id 0LvVYZ-1Wr8V60jsR-010eo4; Tue, 06 May 2014 11:53:07 +0200 From: Michael Albinus To: Glenn Morris Subject: Re: bug#17415: insecure temp file in tramp-uudecode References: Date: Tue, 06 May 2014 11:53:03 +0200 In-Reply-To: (Glenn Morris's message of "Tue, 06 May 2014 00:00:06 -0400") Message-ID: <877g5zgrnk.fsf@gmx.de> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3.50 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Provags-ID: V03:K0:q4kT3MN7HVhgP/oXJLUgREL5IoEHMq+reaLeAJFQt/xieiBMCcd iQON7a9h5iK1F+SFlH1r/n7s4AgeGwDpwaKRTrKnNSq/BguC6ytAomYP0FU72fcKfjF0QYm gkT4sK2jHhlqVoVHlHuVP7Q0CsJv8i7cDso6yrzT7mQA6zjU0srsvWU4eXYzbiu9ODTmbHn 6pep8AXdxs/XSgV9lwvoQ== X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 17415-done Cc: 17415-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) Version: 24.4 Glenn Morris writes: > http://bugs.debian.org/747100 points out that tramp-uudecode (now defined > tramp-sh.el) uses a predictable temp-file name. Indeed. I've fixed this in the emacs-24 branch, closing the bug. Best regards, Michael. ------------=_1399370043-30508-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by debbugs.gnu.org; 6 May 2014 04:00:12 +0000 Received: from localhost ([127.0.0.1]:52225 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WhWY7-0005DD-W1 for submit@debbugs.gnu.org; Tue, 06 May 2014 00:00:12 -0400 Received: from fencepost.gnu.org ([208.118.235.10]:42855 ident=Debian-exim) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WhWY5-0005D2-4s for submit@debbugs.gnu.org; Tue, 06 May 2014 00:00:10 -0400 Received: from rgm by fencepost.gnu.org with local (Exim 4.71) (envelope-from ) id 1WhWY2-0008DC-Sh; Tue, 06 May 2014 00:00:07 -0400 From: Glenn Morris To: submit@debbugs.gnu.org Subject: insecure temp file in tramp-uudecode X-Debbugs-CC: michael.albinus@gmx.de X-Spook: Exon Shell bce Vickie Weaver cracking Kosovo encryption X-Ran: \}NXo5'{*{S-g"RE&[1TpT-uMDfvh\iKFB>$!enM&gh}3 X-Hue: cyan X-Debbugs-No-Ack: yes X-Attribution: GM Date: Tue, 06 May 2014 00:00:06 -0400 Message-ID: User-Agent: Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Spam-Score: -5.7 (-----) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.7 (-----) Package: emacs Version: 24.3.90 Severity: important Tags: security http://bugs.debian.org/747100 points out that tramp-uudecode (now defined tramp-sh.el) uses a predictable temp-file name. ------------=_1399370043-30508-1--