Tatsuya Kinoshita <[email protected]> writes: > On 2023-02-17 at 09:42 -0700, Sean Whitton wrote: >> So: commit ce4a066ed1e fixes Debian bug #1021842 without the env var. > > On 2023-02-14 at 11:32 +0000, Andrea Corallo wrote: >> Stefan Monnier <[email protected]> writes: >> > `temporary-file-directory' may point to a world-writable directory, so >> > it's vulnerable to the usual race condition where someone manages to >> > predict the name of the file you're going to write and places there >> > a symlink to some "interesting" place, so you end up overwriting some >> > other file unwittingly. >> >> Okay, ce4a066ed1e generates trampolines in a temporary directory if no >> other option is viable (using the make-temp-file machinery to generate >> the unpredictable name). > >> + finally (cl-return >> + (expand-file-name >> + (make-temp-file-internal (file-name-sans-extension >> rel-filename) >> + 0 ".eln" nil) >> + temporary-file-directory)))) > > Hmm, it seems using make-temp-file-internal with DIR-FLAG=0 which just > constructs a name and do not create the file like make-temp-name, so > there is a race condition as Stefan mentioned. Is that really OK?
Mmhh, Stefan mentioned the case where the tmp file name is predicted. Shouldn't make-temp-file-internal return a non predictable file name? Otherwise what's the point of using make-temp-file in the first place if the temporary name is predictable? Andrea
