
psvn.el: insecure temporary files

From: Kalle Olavi Niemitalo <kon_at_iki.fi>
Date: 2003-08-09 13:23:26 CEST

psvn.el writes temporary files "svn.arg", "svn-prop-edit.txt" and
"svn-log-edit.txt" in the directory given as svn-status-temp-dir,
which is typically "/tmp/". If another user has already created
these files, psvn commands fail with error messages like "Opening
output file: permission denied, /tmp/svn.arg". Symlink attacks
are also possible.

As a workaround, svn-status-temp-dir can be changed to point to a
directory where other users cannot write. For example, this
could be done in ~/.emacs:

  (setq svn-status-temp-dir (expand-file-name "~/.svn/psvn.tmp/"))
  (make-directory svn-status-temp-dir t)

However, this has two flaws: any files left over in that
directory are not automatically removed by the system
(although they are generally small so it shouldn't matter),
and simultaneous Emacs sessions of the same user can still
disrupt each other.

I'd prefer to fix this by making psvn automatically generate
unique filenames in the standard tmp directory. It should also
delete the temporary files as soon as possible, so that it
needn't wonder whether it is safe to reuse files. However,
this solution seems to require the mustbenew parameter of
write-region, which is not available in XEmacs 21.4.
(In that version, the seventh parameter is coding-system.)

Yet another possibility would be to automatically create a unique
directory in /tmp/ and then use that as svn-status-temp-dir.
The make-directory function seems to fail reliably if the
directory already exists.

What is the best way?

Received on Sat Aug 9 13:24:30 2003
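
The two options weighed in the message above, combined in one sketch: a unique private directory per Emacs session, plus exclusive creation of each file inside it. This is an added example, not part of the original post and not psvn.el's code. It assumes a recent GNU Emacs, and every `my-psvn-` name is hypothetical.

```elisp
;; Added example for GNU Emacs; all my-psvn- names are hypothetical.
(defvar my-psvn--temp-dir nil
  "Private per-session directory for temporary files, or nil if not created.")

(defun my-psvn-temp-dir ()
  "Return a private temp directory, creating it on first use.
`make-temp-file' with a non-nil DIR-FLAG picks an unused name and
creates the directory itself, so a name that another user already
owns (file, directory or symlink) is never reused."
  (unless (and my-psvn--temp-dir (file-directory-p my-psvn--temp-dir))
    (setq my-psvn--temp-dir
          (file-name-as-directory (make-temp-file "psvn-" t)))
    ;; Owner-only access, set explicitly rather than relying on the umask.
    (set-file-modes my-psvn--temp-dir #o700))
  my-psvn--temp-dir)

(defun my-psvn-write-new (name text)
  "Write TEXT to a new file NAME in the private directory; return its path.
MUSTBENEW `excl' makes `write-region' signal an error instead of
following a symlink or overwriting a file that already exists."
  (let ((file (expand-file-name name (my-psvn-temp-dir))))
    (write-region text nil file nil 'silent nil 'excl)
    file))

(defun my-psvn-cleanup ()
  "Delete the private directory and everything left in it."
  (when (and my-psvn--temp-dir (file-directory-p my-psvn--temp-dir))
    (delete-directory my-psvn--temp-dir t))
  (setq my-psvn--temp-dir nil))

;; Remove leftovers when the session ends.
(add-hook 'kill-emacs-hook #'my-psvn-cleanup)

;; Usage with constructed content: create the file fresh, use it,
;; then delete it at once so the name never has to be reused.
(let ((arg-file (my-psvn-write-new "svn.arg" "constructed-sample-path\n")))
  (unwind-protect
      (message "wrote %s (modes %o)" arg-file (file-modes arg-file))
    (delete-file arg-file)))
```

Because each session gets its own directory, two Emacs sessions of the same user no longer share "svn.arg" or the edit files.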

This is an archived mail posted to the Subversion Dev mailing list.
