bug-gnu-emacs

bug#6953: 24.0.50; serious security bug in create backup files


From: Glenn Morris
Subject: bug#6953: 24.0.50; serious security bug in create backup files
Date: Thu, 02 Sep 2010 01:38:42 -0400
User-agent: Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/)

Mark Diekhans wrote:

> Emacs should create the last ditch backup file as accessible only by the
> user (no group or other access) before any data is written to the file.
>
> Also, ~/%backup%~ should be configurable in a variable rather than hard
> coded in lisp files.el.

I don't think it is necessary for this to be configurable because it
is just a fallback in case of error. E.g., you can customize
backup-directory-alist to control where backups normally go.

A partial solution for the first problem is simple (below).
Perhaps it would be better to use a private directory inside
user-emacs-directory. But that is less visible, and maybe these files
are supposed to be noticed?

*** lisp/files.el       2010-08-18 08:07:58 +0000
--- lisp/files.el       2010-08-31 18:33:34 +0000
***************
*** 3681,3687 ****
                     (message "Cannot write backup file; backing up in %s"
                              backupname)
                     (sleep-for 1)
!                    (backup-buffer-copy real-file-name backupname modes)))
                  (setq buffer-backed-up t)
                  ;; Now delete the old versions, if desired.
                  (if delete-old-versions
--- 3681,3691 ----
                     (message "Cannot write backup file; backing up in %s"
                              backupname)
                     (sleep-for 1)
!                    ;; The original file may have been in a private
!                    ;; directory, home might not be private.  (Bug#6953)
!                    ;; Not a perfect solution since the file is only
!                    ;; made private after being written.
!                    (backup-buffer-copy real-file-name backupname #o0600)))
                  (setq buffer-backed-up t)
                  ;; Now delete the old versions, if desired.
                  (if delete-old-versions
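
Review bot: The new call `(backup-buffer-copy real-file-name backupname #o0600)` still leaves the window that the added comment admits: the fallback copy in the home directory exists with whatever permissions it was created with until the mode is applied, and the report asked for owner-only access before any data is written. It is worth checking whether the copy can create the file with owner-only modes from the start, for example by restricting the default file modes around the copy with `set-default-file-modes` and restoring them afterwards, so that the #o0600 argument only confirms a mode the file already has. A smaller point on the same line: the hard-coded #o0600 discards `modes`, so a backup of a read-only original becomes owner-writable; if that matters, masking `modes` with #o0600 would keep the owner bits of the original while still dropping group and other access.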





