GNU bug report logs - #4291
23.1; doc-view-mode temporary directory vulnerable to denial of service

Previous Next

Package: emacs;

Reported by: David Bremner <bremner-dated-1252800134.2fccb3 <at> pivot.cs.unb.ca>

Date: Sun, 30 Aug 2009 00:10:05 UTC

Severity: minor

Tags: fixed

Fixed in version 24.1

Done: Lars Magne Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

Message #24 received at 4291 <at> debbugs.gnu.org (full text, mbox):

From: Glenn Morris <rgm <at> gnu.org>
To: Lars Magne Ingebrigtsen <larsi <at> gnus.org>
Cc: David Bremner <bremner-dated-1252800134.2fccb3 <at> pivot.cs.unb.ca>,
	Stefan Monnier <monnier <at> iro.umontreal.ca>, 4291 <at> debbugs.gnu.org
Subject: Re: bug#4291: 23.1;
	doc-view-mode temporary directory vulnerable to denial of service
Date: Tue, 12 Jul 2011 17:44:53 -0400

Lars Magne Ingebrigtsen wrote:

> Stefan Monnier <monnier <at> iro.umontreal.ca> writes:
>
>> IIRC /tmp/docview$uid is predictable because doc-view tries to reuse
>> previouly-rendered pages.  I'm not convinced this is really a good
>> feature, but obviously the author thought it was important, so I'd
>> rather not drop it without a discussion.
>
> It could just stash the directory name in a variable, and use the normal
> `make-temp-file' to create the directory, couldn't it?

I think the idea referred to above is to potentially re-use pages
converted by a previous Emacs instance (which seems like a bad feature
to me too).

This bug report was last modified 13 years and 314 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #4291 23.1; doc-view-mode temporary directory vulnerable to denial of service

GNU bug report logs - #4291
23.1; doc-view-mode temporary directory vulnerable to denial of service