GNU bug report logs - #17416
insecure temp files in ob-screen.el

Previous Next

Packages: org-mode, emacs;

Reported by: Glenn Morris <rgm <at> gnu.org>

Date: Tue, 6 May 2014 04:15:01 UTC

Severity: important

Tags: security

Found in version 24.3.90

Fixed in version 24.3.91

Done: Glenn Morris <rgm <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Glenn Morris <rgm <at> gnu.org>
To: 17416 <at> debbugs.gnu.org
Subject: bug#17416: insecure temp files in ob-screen.el
Date: Tue, 06 May 2014 00:14:36 -0400

Package: emacs,org-mode
Version: 24.3.90
Severity: important
Tags: security

org-babel-screen-session-write-temp-file and org-babel-screen-test seem
to use predictable temp-file names, which is a security issue. Using
`make-temp-file', or if the file names really need to be predictable,
something equivalent to `doc-view-make-safe-dir' (there should really be
a general utility function for this IMO) to first create a /tmp
subdirectory would avoid this.

This bug report was last modified 11 years and 106 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #17416 insecure temp files in ob-screen.el

GNU bug report logs - #17416
insecure temp files in ob-screen.el