GNU bug report logs - #4291
23.1; doc-view-mode temporary directory vulnerable to denial of service

Previous Next

Package: emacs;

Reported by: David Bremner <bremner-dated-1252800134.2fccb3 <at> pivot.cs.unb.ca>

Date: Sun, 30 Aug 2009 00:10:05 UTC

Severity: minor

Tags: fixed

Fixed in version 24.1

Done: Lars Magne Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

Message #27 received at 4291 <at> debbugs.gnu.org (full text, mbox):

From: Lars Magne Ingebrigtsen <larsi <at> gnus.org>
To: Glenn Morris <rgm <at> gnu.org>
Cc: David Bremner <bremner-dated-1252800134.2fccb3 <at> pivot.cs.unb.ca>,
	Stefan Monnier <monnier <at> iro.umontreal.ca>, 4291 <at> debbugs.gnu.org
Subject: Re: bug#4291: 23.1;
	doc-view-mode temporary directory vulnerable to denial of service
Date: Tue, 12 Jul 2011 23:46:27 +0200

Glenn Morris <rgm <at> gnu.org> writes:

>>> IIRC /tmp/docview$uid is predictable because doc-view tries to reuse
>>> previouly-rendered pages.  I'm not convinced this is really a good
>>> feature, but obviously the author thought it was important, so I'd
>>> rather not drop it without a discussion.
>>
>> It could just stash the directory name in a variable, and use the normal
>> `make-temp-file' to create the directory, couldn't it?
>
> I think the idea referred to above is to potentially re-use pages
> converted by a previous Emacs instance (which seems like a bad feature
> to me too).

Oh, I see.  Hm.  Sounds like a bad idea to me, too.  :-)

-- 
(domestic pets only, the antidote for overdose, milk.)
  bloggy blog http://lars.ingebrigtsen.no/
This bug report was last modified 13 years and 314 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.