bug#865: 23.0.60; The directory is unsafe today

[Stefan Monnier]

>> I think the problem comes earlier: the (let ((default-file-modes ?\700))
>> should make sure that the directory created there is owned by the use
>> and not by some Administator group.

> That's a different problem.  I don't see how it can be solved without
> introducing a new primitive, which on Windows will DTRT.  (I think
> GNU/Linux and Unix systems that support ACLs will need a similar
> primitive, but I don't know enough about those to say for sure.)

> There are a few other places in Emacs other than server.el that make
> similar tests, for reasons other than making sure the file/directory
> is private to the current user.  Here's the list:

>  files.el:file-ownership-preserved-p
>  eshell/em-ls.el:eshell-ls-applicable
>  net/ange-ftp.el:ange-ftp-parse-netrc

> (the last one is actually quite similar to server.el).

I think we need to consider the testing part and the file (or dir)
creation part separately.  And my previous messages pointed out that the
core problem (securitywise) is in the creation part, which is hence
unrelated to the above 3 other cases.

>> Of course, on FAT there's just nothing we can do and the
>> server-ensure-safe-dir functionality simply cannot be provided, so we
>> should then just skip the safety checks,

> On FAT, all files belong to a user called Everyone, who has a special
> UID of 0, so I think all these checks will simply pass, or at least
> they should.

No, they shouldn't, since the tests are meant to ensure that only the
current user has write access, whereas FAT cannot provide this behavior.


        Stefan