From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/63637 Path: news.gmane.org!not-for-mail From: Florian Weimer Newsgroups: gmane.emacs.devel,gmane.emacs.gnus.general Subject: Re: Security flaw in pgg-gpg-process-region? Date: Sun, 03 Sep 2006 18:28:35 +0200 Message-ID: <87ac5gnccs.fsf@mid.deneb.enyo.de> References: <9c79059a-61a9-4fa4-8376-638753320a14@well-done.deisui.org> <4aaf7080-0e3d-4a75-aff5-f9d5bcd0437f@well-done.deisui.org> <87fyjz2gaj.fsf@pacem.orebokech.com> NNTP-Posting-Host: main.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: sea.gmane.org 1157300944 16038 80.91.229.2 (3 Sep 2006 16:29:04 GMT) X-Complaints-To: usenet@sea.gmane.org NNTP-Posting-Date: Sun, 3 Sep 2006 16:29:04 +0000 (UTC) Cc: Simon Josefsson , Daiki Ueno , Satyaki Das , ding@gnus.org, emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Sun Sep 03 18:29:02 2006 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([199.232.76.165]) by ciao.gmane.org with esmtp (Exim 4.43) id 1GJuqE-0005D1-3u for ged-emacs-devel@m.gmane.org; Sun, 03 Sep 2006 18:29:02 +0200 Original-Received: from localhost ([127.0.0.1] helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1GJuqD-0006E7-Lz for ged-emacs-devel@m.gmane.org; Sun, 03 Sep 2006 12:29:01 -0400 Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1GJuq2-0006Ds-Ma for emacs-devel@gnu.org; Sun, 03 Sep 2006 12:28:50 -0400 Original-Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1GJupz-0006Dg-W3 for emacs-devel@gnu.org; Sun, 03 Sep 2006 12:28:49 -0400 Original-Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1GJupz-0006Dd-O3 for emacs-devel@gnu.org; Sun, 03 Sep 2006 12:28:47 -0400 Original-Received: from [212.9.189.167] (helo=mail.enyo.de) by monty-python.gnu.org with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA:32) (Exim 4.52) id 1GJv0K-0001Sr-4W for emacs-devel@gnu.org; Sun, 03 Sep 2006 12:39:28 -0400 Original-Received: from deneb.vpn.enyo.de ([212.9.189.177] helo=deneb.enyo.de) by mail.enyo.de with esmtp id 1GJups-0004HE-JU; Sun, 03 Sep 2006 18:28:40 +0200 Original-Received: from fw by deneb.enyo.de with local (Exim 4.62) (envelope-from ) id 1GJupn-0002IR-QG; Sun, 03 Sep 2006 18:28:35 +0200 Original-To: Reiner Steib In-Reply-To: (Reiner Steib's message of "Sat, 02 Sep 2006 13:16:05 +0200") X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:59285 gmane.emacs.gnus.general:63637 Archived-At: * Reiner Steib: > In current Emacs CVS in fact `call-process-region' uses temp files. > Bad. I think this is a severe security problem, isn't it? Why? AFAICS, Emacs uses mkstemp when available, which should get the permissions right.