possible security issue with temporary-file-directory

[errge]

sync-recentf/sync-recentf.el

Line 64 in 0052561

(concat temporary-file-directory "sync-recentf-marker")

temporary-file-directory points to /tmp on a standard emacs installation. Opening any file in that directory with a known, non-randomized filename ("sync-recentf-marker") is a very bad idea... If the attacker can time operations and can create symlinks in /tmp, you can have random security issues.

I think you can simply change this to user-emacs-directory without losing anything.

[xuhdev]

Emacs defaults temporary-file-directory based on TMPDIR, TMP and TEMP environment variables. If TMPDIR points to /tmp, the system itself is insecurely configured since many programs saves temporary files to TMPDIR.

A randomized name in /tmp is still insecure, because an attacker can always watch /tmp and make guesses based on the file content or part of file names.