Description: Patch to fix temporary file vulnerability My approach is based on the premise that the make-temp-file function provided from Emacs 22 onwards is safe. So, I backport the method to the rst.el file, and bind it to the symbol rst--make-temp-file as follows: - If the Emacs version is less than 22, use this custom version. This works on Emacs 21, I tested it. - If the Emacs version is 22 or more, bind rst--make-temp-file to the make-temp-fil provided in the Emacs Lisp libraries. I don't see a solution for removing the temporary files, though. I am no expert on security or Emacs Lisp, but I hope this patch provides a start. Author: Kumar Appaiah Addopted due bug bnc#642787 for emacs 23.1 by Werner Fink --- rst.el | 48 ++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 46 insertions(+), 2 deletions(-) --- lisp/textmodes/rst.el +++ lisp/textmodes/rst.el 2010-10-06 09:50:28.779926181 +0000 @@ -3297,10 +3297,54 @@ or of the entire buffer, if the region i (defvar rst-pdf-program "xpdf" "Program used to preview PDF files.") +(if (> emacs-major-version 22) + (defalias 'rst--make-temp-file 'make-temp-file) + (defvar temporary-file-directory) + (defun rst--make-temp-file (prefix &optional dir-flag suffix) + "Create a temporary file. +The returned file name (created by appending some random characters at the end +of PREFIX, and expanding against `temporary-file-directory' if necessary), +is guaranteed to point to a newly created empty file. +You can then use `write-region' to write new data into the file. + +If DIR-FLAG is non-nil, create a new empty directory instead of a file. + +If SUFFIX is non-nil, add that at the end of the file name." + (let ((umask (default-file-modes)) + file) + (unwind-protect + (progn + ;; Create temp files with strict access rights. It's easy to + ;; loosen them later, whereas it's impossible to close the + ;; time-window of loose permissions otherwise. + (set-default-file-modes ?\700) + (while (condition-case () + (progn + (setq file + (make-temp-name + (if (zerop (length prefix)) + (file-name-as-directory + temporary-file-directory) + (expand-file-name prefix + temporary-file-directory)))) + (if suffix + (setq file (concat file suffix))) + (if dir-flag + (make-directory file) + (write-region "" nil file nil 'silent nil 'excl)) + nil) + (file-already-exists t)) + ;; the file was somehow created by someone else between + ;; `make-temp-name' and `write-region', let's try again. + nil) + file) + ;; Reset the umask. + (set-default-file-modes umask))))) + (defun rst-compile-pdf-preview () "Convert the document to a PDF file and launch a preview program." (interactive) - (let* ((tmp-filename "/tmp/out.pdf") + (let* ((tmp-filename (rst--make-temp-file "rst" nil ".pdf")) (command (format "rst2pdf.py %s %s && %s %s" buffer-file-name tmp-filename rst-pdf-program tmp-filename))) @@ -3315,7 +3359,7 @@ or of the entire buffer, if the region i (defun rst-compile-slides-preview () "Convert the document to an S5 slide presentation and launch a preview program." (interactive) - (let* ((tmp-filename "/tmp/slides.html") + (let* ((tmp-filename (rst--make-temp-file "rst" nil ".html")) (command (format "rst2s5.py %s %s && %s %s" buffer-file-name tmp-filename rst-slides-program tmp-filename)))