GNU bug report logs - #19858
25.0.50; Docstring bug in make-temp-name

Previous Next

Package: emacs;

Reported by: Marcin Borkowski <mbork <at> wmi.amu.edu.pl>

Date: Fri, 13 Feb 2015 21:58:01 UTC

Severity: minor

Found in version 25.0.50

Fixed in version 24.5

Done: Glenn Morris <rgm <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Stefan Monnier <monnier <at> IRO.UMontreal.CA>
To: Glenn Morris <rgm <at> gnu.org>
Cc: 19858 <at> debbugs.gnu.org, Marcin Borkowski <mbork <at> wmi.amu.edu.pl>
Subject: bug#19858: 25.0.50; Docstring bug in make-temp-name
Date: Tue, 17 Feb 2015 22:46:41 -0500

>> make-temp-file can also create a temp file in the user's home directory
>> (so your criticism also applies to the first point).
>> The issue is simply that in cases other than the above two, using
>> make-temp-name is *dangerous*.
> Why's it not dangerous in HOME?

Presumably, HOME is only writable by yourself, so you can presume that
there's no attacker trying play race-condition tricks on you in there to
try and get to run code under your UID.


        Stefan

This bug report was last modified 10 years and 144 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #19858 25.0.50; Docstring bug in make-temp-name

GNU bug report logs - #19858
25.0.50; Docstring bug in make-temp-name