Re: Bug#311296: mutt: Temporary file creation is unsafe

To: 311296@xxxxxxxxxxxxxxx, mutt-dev@xxxxxxxx
Subject: Re: Bug#311296: mutt: Temporary file creation is unsafe
From: Vincent Lefevre <vincent@xxxxxxxxxx>
Date: Tue, 31 May 2005 16:16:44 +0200
In-reply-to: <20050530192420.GA9513@xxxxxxxxxxxxxxxxxxx>
List-unsubscribe: <mailto:mutt-dev-request@mutt.org?body=unsubscribe>
Mail-followup-to: 311296@xxxxxxxxxxxxxxx, mutt-dev@xxxxxxxx
References: <20050530192420.GA9513@xxxxxxxxxxxxxxxxxxx>
Sender: owner-mutt-dev@xxxxxxxx
User-agent: Mutt/1.5.9-vl-20050401i

> From: "Roberto C. Sanchez" <roberto@xxxxxxxxxxxxxxxxxx>

> [...] There is no threat of overwriting an existing file or creating
> a file somewhere where the user lacks appropriate permissions, but
> there is a trivial way to DoS the users in mutt.

The user can still change $tmpdir in his muttrc to avoid this problem
(and also avoid losing data if the machine is rebooted). So, it would
be even more trivial by filling up the disk, but this would not be a
bug in Mutt.

IMHO, this is just a minor problem.

-- 
Vincent Lefèvre <vincent@xxxxxxxxxx> - Web: <http://www.vinc17.org/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/>
Work: CR INRIA - computer arithmetic / SPACES project at LORIA

References:
- Bug#311296: mutt: Temporary file creation is unsafe
  - From: Marco d'Itri

Prev by Date: Re: bug: incorrect conversion from MMDF to mbox
Next by Date: Re: unread mail
Previous by thread: Bug#311296: mutt: Temporary file creation is unsafe
Next by thread: change headers which show up in edit buffer
Index(es):
- Date
- Thread