From unknown Sat Sep 20 10:23:55 2025
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Mailer: MIME-tools 5.509 (Entity 5.509)
Content-Type: text/plain; charset=utf-8
From: bug#17415 <17415@debbugs.gnu.org>
To: bug#17415 <17415@debbugs.gnu.org>
Subject: Status: insecure temp file in tramp-uudecode
Reply-To: bug#17415 <17415@debbugs.gnu.org>
Date: Sat, 20 Sep 2025 17:23:55 +0000

retitle 17415 insecure temp file in tramp-uudecode
reassign 17415 emacs
submitter 17415 Glenn Morris <rgm@gnu.org>
severity 17415 important
tag 17415 security

thanks


From debbugs-submit-bounces@debbugs.gnu.org Tue May 06 00:00:12 2014
Received: (at submit) by debbugs.gnu.org; 6 May 2014 04:00:12 +0000
Received: from localhost ([127.0.0.1]:52225 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1WhWY7-0005DD-W1
	for submit@debbugs.gnu.org; Tue, 06 May 2014 00:00:12 -0400
Received: from fencepost.gnu.org ([208.118.235.10]:42855 ident=Debian-exim)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <rgm@gnu.org>) id 1WhWY5-0005D2-4s
 for submit@debbugs.gnu.org; Tue, 06 May 2014 00:00:10 -0400
Received: from rgm by fencepost.gnu.org with local (Exim 4.71)
 (envelope-from <rgm@gnu.org>)
 id 1WhWY2-0008DC-Sh; Tue, 06 May 2014 00:00:07 -0400
From: Glenn Morris <rgm@gnu.org>
To: submit@debbugs.gnu.org
Subject: insecure temp file in tramp-uudecode
X-Debbugs-CC: michael.albinus@gmx.de
X-Spook: Exon Shell bce Vickie Weaver cracking Kosovo encryption
X-Ran: \}NXo5'{*{S-g"RE&[1TpT-uMDfvh\iKFB<X_%]#m,w%{|bUQ_myF:x0c=>>$!enM&gh}3
X-Hue: cyan
X-Debbugs-No-Ack: yes
X-Attribution: GM
Date: Tue, 06 May 2014 00:00:06 -0400
Message-ID: <poazbsgjd.fsf@fencepost.gnu.org>
User-Agent: Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Spam-Score: -5.7 (-----)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -5.7 (-----)

Package: emacs
Version: 24.3.90
Severity: important
Tags: security

http://bugs.debian.org/747100 points out that tramp-uudecode (now defined
tramp-sh.el) uses a predictable temp-file name.




From debbugs-submit-bounces@debbugs.gnu.org Tue May 06 05:53:17 2014
Received: (at 17415-done) by debbugs.gnu.org; 6 May 2014 09:53:17 +0000
Received: from localhost ([127.0.0.1]:52373 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1Whc3p-0007uz-6P
	for submit@debbugs.gnu.org; Tue, 06 May 2014 05:53:17 -0400
Received: from mout.gmx.net ([212.227.15.18]:62838)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <michael.albinus@gmx.de>) id 1Whc3m-0007uh-CK
 for 17415-done@debbugs.gnu.org; Tue, 06 May 2014 05:53:15 -0400
Received: from detlef.gmx.de ([87.146.42.85]) by mail.gmx.com (mrgmx003) with
 ESMTPSA (Nemesis) id 0LvVYZ-1Wr8V60jsR-010eo4;
 Tue, 06 May 2014 11:53:07 +0200
From: Michael Albinus <michael.albinus@gmx.de>
To: Glenn Morris <rgm@gnu.org>
Subject: Re: bug#17415: insecure temp file in tramp-uudecode
References: <poazbsgjd.fsf@fencepost.gnu.org>
Date: Tue, 06 May 2014 11:53:03 +0200
In-Reply-To: <poazbsgjd.fsf@fencepost.gnu.org> (Glenn Morris's message of
 "Tue, 06 May 2014 00:00:06 -0400")
Message-ID: <877g5zgrnk.fsf@gmx.de>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Provags-ID: V03:K0:q4kT3MN7HVhgP/oXJLUgREL5IoEHMq+reaLeAJFQt/xieiBMCcd
 iQON7a9h5iK1F+SFlH1r/n7s4AgeGwDpwaKRTrKnNSq/BguC6ytAomYP0FU72fcKfjF0QYm
 gkT4sK2jHhlqVoVHlHuVP7Q0CsJv8i7cDso6yrzT7mQA6zjU0srsvWU4eXYzbiu9ODTmbHn
 6pep8AXdxs/XSgV9lwvoQ==
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 17415-done
Cc: 17415-done@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: 0.0 (/)

Version: 24.4

Glenn Morris <rgm@gnu.org> writes:

> http://bugs.debian.org/747100 points out that tramp-uudecode (now defined
> tramp-sh.el) uses a predictable temp-file name.

Indeed. I've fixed this in the emacs-24 branch, closing the bug.

Best regards, Michael.




From unknown Sat Sep 20 10:23:55 2025
Received: (at fakecontrol) by fakecontrolmessage;
To: internal_control@debbugs.gnu.org
From: Debbugs Internal Request <help-debbugs@gnu.org>
Subject: Internal Control
Message-Id: bug archived.
Date: Tue, 03 Jun 2014 11:24:04 +0000
User-Agent: Fakemail v42.6.9

# This is a fake control message.
#
# The action:
# bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator