GNU bug report logs - #19858
25.0.50; Docstring bug in make-temp-name

Previous Next

Package: emacs;

Reported by: Marcin Borkowski <mbork <at> wmi.amu.edu.pl>

Date: Fri, 13 Feb 2015 21:58:01 UTC

Severity: minor

Found in version 25.0.50

Fixed in version 24.5

Done: Glenn Morris <rgm <at> gnu.org>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 19858 in the body.
You can then email your comments to 19858 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to bug-gnu-emacs <at> gnu.org:
bug#19858; Package emacs. (Fri, 13 Feb 2015 21:58:01 GMT) Full text and rfc822 format available.
Acknowledgement sent to Marcin Borkowski <mbork <at> wmi.amu.edu.pl>:
New bug report received and forwarded. Copy sent to bug-gnu-emacs <at> gnu.org. (Fri, 13 Feb 2015 21:58:01 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Marcin Borkowski <mbork <at> wmi.amu.edu.pl>
To: bug-gnu-emacs <at> gnu.org
Subject: 25.0.50; Docstring bug in make-temp-name
Date: Fri, 13 Feb 2015 22:57:15 +0100

The docstring for `make-temp-file' says (among other things):

"For that reason, you should
probably use `make-temp-file' instead, except in three circumstances:

* If you are creating the file in the user's home directory.
* If you are creating a directory rather than an ordinary file."

However, `make-temp-file' actually can create directories, so the second
point in the above quote is unnecessary and misleading.

Best regards,

Version info:

In GNU Emacs 25.0.50.1 (i686-pc-linux-gnu, GTK+ Version 3.10.8)
 of 2015-01-02 on aga-netbook
Repository revision: 11ee7d8bf16b8ee4fcb3659e4b09686ed8b10590
Windowing system distributor `The X.Org Foundation', version 11.0.11501000
System Description:	Ubuntu 14.04.1 LTS

-- 
Marcin Borkowski
http://octd.wmi.amu.edu.pl/en/Marcin_Borkowski
Faculty of Mathematics and Computer Science
Adam Mickiewicz University
Information forwarded to bug-gnu-emacs <at> gnu.org:
bug#19858; Package emacs. (Sat, 14 Feb 2015 04:08:01 GMT) Full text and rfc822 format available.

Message #8 received at 19858 <at> debbugs.gnu.org (full text, mbox):

From: Stefan Monnier <monnier <at> IRO.UMontreal.CA>
To: Marcin Borkowski <mbork <at> wmi.amu.edu.pl>
Cc: 19858 <at> debbugs.gnu.org
Subject: Re: bug#19858: 25.0.50; Docstring bug in make-temp-name
Date: Fri, 13 Feb 2015 23:07:57 -0500

> The docstring for `make-temp-file' says (among other things):
> "For that reason, you should
> probably use `make-temp-file' instead, except in three circumstances:

> * If you are creating the file in the user's home directory.
> * If you are creating a directory rather than an ordinary file."

> However, `make-temp-file' actually can create directories, so the second
> point in the above quote is unnecessary and misleading.

make-temp-file can also create a temp file in the user's home directory
(so your criticism also applies to the first point).

The issue is simply that in cases other than the above two, using
make-temp-name is *dangerous*.


        Stefan
Information forwarded to bug-gnu-emacs <at> gnu.org:
bug#19858; Package emacs. (Tue, 17 Feb 2015 22:34:02 GMT) Full text and rfc822 format available.

Message #11 received at 19858 <at> debbugs.gnu.org (full text, mbox):

From: Glenn Morris <rgm <at> gnu.org>
To: Stefan Monnier <monnier <at> IRO.UMontreal.CA>
Cc: 19858 <at> debbugs.gnu.org, Marcin Borkowski <mbork <at> wmi.amu.edu.pl>
Subject: Re: bug#19858: 25.0.50; Docstring bug in make-temp-name
Date: Tue, 17 Feb 2015 17:33:56 -0500

Stefan Monnier wrote:

> make-temp-file can also create a temp file in the user's home directory
> (so your criticism also applies to the first point).
>
> The issue is simply that in cases other than the above two, using
> make-temp-name is *dangerous*.

Why's it not dangerous in HOME?
Information forwarded to bug-gnu-emacs <at> gnu.org:
bug#19858; Package emacs. (Wed, 18 Feb 2015 03:48:02 GMT) Full text and rfc822 format available.

Message #14 received at 19858 <at> debbugs.gnu.org (full text, mbox):

From: Stefan Monnier <monnier <at> IRO.UMontreal.CA>
To: Glenn Morris <rgm <at> gnu.org>
Cc: 19858 <at> debbugs.gnu.org, Marcin Borkowski <mbork <at> wmi.amu.edu.pl>
Subject: Re: bug#19858: 25.0.50; Docstring bug in make-temp-name
Date: Tue, 17 Feb 2015 22:46:41 -0500

>> make-temp-file can also create a temp file in the user's home directory
>> (so your criticism also applies to the first point).
>> The issue is simply that in cases other than the above two, using
>> make-temp-name is *dangerous*.
> Why's it not dangerous in HOME?

Presumably, HOME is only writable by yourself, so you can presume that
there's no attacker trying play race-condition tricks on you in there to
try and get to run code under your UID.


        Stefan
Information forwarded to bug-gnu-emacs <at> gnu.org:
bug#19858; Package emacs. (Fri, 20 Feb 2015 05:43:02 GMT) Full text and rfc822 format available.

Message #17 received at 19858 <at> debbugs.gnu.org (full text, mbox):

From: Glenn Morris <rgm <at> gnu.org>
To: Stefan Monnier <monnier <at> IRO.UMontreal.CA>
Cc: 19858 <at> debbugs.gnu.org, Marcin Borkowski <mbork <at> wmi.amu.edu.pl>
Subject: Re: bug#19858: 25.0.50; Docstring bug in make-temp-name
Date: Fri, 20 Feb 2015 00:42:46 -0500

Stefan Monnier wrote:

> Presumably, HOME is only writable by yourself, so you can presume that
> there's no attacker trying play race-condition tricks on you in there to
> try and get to run code under your UID.

If it meant "it's safe so long as no-one else can write to the
containing directory", then I think it should have said that rather than
making assumptions about the permissions of HOME.

Anyway, I don't think those various qualifications were helpful, so I
basically removed them from the doc.
bug marked as fixed in version 24.5, send any further explanations to 19858 <at> debbugs.gnu.org and Marcin Borkowski <mbork <at> wmi.amu.edu.pl> Request was from Glenn Morris <rgm <at> gnu.org> to control <at> debbugs.gnu.org. (Fri, 20 Feb 2015 05:44:01 GMT) Full text and rfc822 format available.
Information forwarded to bug-gnu-emacs <at> gnu.org:
bug#19858; Package emacs. (Fri, 20 Feb 2015 17:16:02 GMT) Full text and rfc822 format available.

Message #22 received at 19858 <at> debbugs.gnu.org (full text, mbox):

From: Stefan Monnier <monnier <at> iro.umontreal.ca>
To: Glenn Morris <rgm <at> gnu.org>
Cc: 19858 <at> debbugs.gnu.org, Marcin Borkowski <mbork <at> wmi.amu.edu.pl>
Subject: Re: bug#19858: 25.0.50; Docstring bug in make-temp-name
Date: Fri, 20 Feb 2015 12:15:13 -0500

> Anyway, I don't think those various qualifications were helpful, so I
> basically removed them from the doc.

Agreed, thanks,


        Stefan
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Sat, 21 Mar 2015 11:24:04 GMT) Full text and rfc822 format available.
This bug report was last modified 10 years and 144 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.