Re: Re: CVE request: Emacs 21 fast-lock-mode arbitrary lips code execution

["Gustavo De Nardin (spuk)" <gustavodn () mandriva com>]

* Tavis Ormandy <taviso () sdf lonestar org> [2008-05-14 14:46 +0000]:
> On Wed, May 14, 2008 at 04:03:34PM +0200, Sven Joachim wrote:
> > On 2008-05-14 15:27 +0200, Nico Golde wrote:
> >
> > > As I am a vim user I might have done something wrong too, 
> > > not sure. What I did after installing emacs:
>
> Same here, so out of curiosity i ran strace -efile -o log vim, and
> edited a few files. I observed vim looking for a directory called
> $TMPDIR in the wd, and using it as you would expect. Obviously a bug,
> and perhaps some minor security implications, anyone want to
> investigate? :-)

Check if it is not a mere package build bug. Anyway, tried something like
that and 'grep TMP /tmp/vim.strace' shows nothing to me.