sync-recentf icon indicating copy to clipboard operation
sync-recentf copied to clipboard
verified publisher icon ffevotte

possible security issue with temporary-file-directory

Open errge opened this issue 6 years ago • 1 comments

https://github.com/ffevotte/sync-recentf/blob/0052561d5c5b5c2684faedc3eead776aec06c3ed/sync-recentf.el#L64

temporary-file-directory points to /tmp on a standard emacs installation. Opening any file in that directory with a known, non-randomized filename ("sync-recentf-marker") is a very bad idea... If the attacker can time operations and can create symlinks in /tmp, you can have random security issues.

I think you can simply change this to user-emacs-directory without losing anything.

errge avatar Jan 20 '19 19:01 errge

Emacs defaults temporary-file-directory based on TMPDIR, TMP and TEMP environment variables. If TMPDIR points to /tmp, the system itself is insecurely configured since many programs saves temporary files to TMPDIR.

A randomized name in /tmp is still insecure, because an attacker can always watch /tmp and make guesses based on the file content or part of file names.

xuhdev avatar Dec 25 '24 08:12 xuhdev