On Mon, Feb 20, 2023 at 11:02 AM Stefan Monnier <[email protected]> wrote: > > So I guess one could remove the file after the first creation and make > > it a link pointing to some other file waiting for libgccjit to do > > its write. > > "One" as in "an attacker"? In `/tmp` an attacker should not be able to > do that because it's supposed to be using the sticky bit so that only > the owner of a file can remove it.
Just to be clear, this condition should be checked before emacs is willing to use the temporary directory in question. No unprivileged user should be able to overwrite a directory entry the uid of the emacs process creates at any point in the path to the temporary file. Lynn
