GNU bug report logs - #17416
insecure temp files in ob-screen.el

Previous Next

Packages: emacs, org-mode;

Reported by: Glenn Morris <rgm <at> gnu.org>

Date: Tue, 6 May 2014 04:15:01 UTC

Severity: important

Tags: security

Found in version 24.3.90

Fixed in version 24.3.91

Done: Glenn Morris <rgm <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

Message #9 received at 17416 <at> debbugs.gnu.org (full text, mbox):

From: Glenn Morris <rgm <at> gnu.org>
To: Eric Schulte <schulte.eric <at> gmail.com>
Cc: 17416 <at> debbugs.gnu.org
Subject: Re: [O] bug#17416: insecure temp files in ob-screen.el
Date: Thu, 08 May 2014 03:04:01 -0400

Eric Schulte wrote:

>> org-babel-screen-session-write-temp-file and org-babel-screen-test seem
>> to use predictable temp-file names, which is a security issue. Using
>> `make-temp-file', or if the file names really need to be predictable,
>> something equivalent to `doc-view-make-safe-dir' (there should really be
>> a general utility function for this IMO) to first create a /tmp
>> subdirectory would avoid this.
>
> I just pushed up a fix for this issue.  Thanks,

If you mean

http://orgmode.org/cgit.cgi/org-mode.git/commit/?id=fea672d30ef4701721c0d4aa70462760a6b21be7

then's there still org-babel-screen-test.

(These are definitely fixes that need merging into the emacs-24 branch.
IIUC this means they need to be in your maint branch?)

This bug report was last modified 11 years and 106 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #17416 insecure temp files in ob-screen.el

GNU bug report logs - #17416
insecure temp files in ob-screen.el