bug#6953: 24.0.50; serious security bug in create backup files

bug-gnu-emacs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#6953: 24.0.50; serious security bug in create backup files

From:	markd
Subject:	bug#6953: 24.0.50; serious security bug in create backup files
Date:	Thu, 2 Sep 2010 00:05:30 -0700

Hi Glenn

Glenn Morris <rgm@gnu.org> writes:
> I don't think it is necessary for this to be configurable because it
> is just a fallback in case of error. Eg you can customize
> backup-directory-alist to control where backups normally go.

Not necessary, but useful if you have something like a very
small amount of space on the home file system or to put it in a
protected directory.  Also, it's just emacs-like to have all of
this stuff in variable.

I am still concerned about the window you mention in this fix.
IMHO, it's much worse to reveal sensitive data that to just lose
changes to it.  There should at least be an option to completely
disable the ~/%backup%~ functionality.

Oh, wait, it doesn't look like there is a problem with your patch,
only the comment ;-)   backup-buffer-copy says:

          ;; Create temp files with strict access rights.  It's easy to
          ;; loosen them later, whereas it's impossible to close the
          ;; time-window of loose permissions otherwise.

thanks
Mark

[Prev in Thread]

Current Thread

[Next in Thread]

bug#6953: 24.0.50; serious security bug in create backup files, Glenn Morris, 2010/09/02
- bug#6953: 24.0.50; serious security bug in create backup files, Eli Zaretskii, 2010/09/02
- bug#6953: 24.0.50; serious security bug in create backup files, markd <=
  - bug#6953: 24.0.50; serious security bug in create backup files, Glenn Morris, 2010/09/02
    - bug#6953: 24.0.50; serious security bug in create backup files, Mark Diekhans, 2010/09/02
    - bug#6953: 24.0.50; serious security bug in create backup files, Glenn Morris, 2010/09/07
    - bug#6953: 24.0.50; serious security bug in create backup files, Stefan Monnier, 2010/09/08
    - bug#6953: 24.0.50; serious security bug in create backup files, Glenn Morris, 2010/09/08
    - bug#6953: 24.0.50; serious security bug in create backup files, Stefan Monnier, 2010/09/08
    - bug#6953: 24.0.50; serious security bug in create backup files, Glenn Morris, 2010/09/09
    - bug#6953: 24.0.50; serious security bug in create backup files, Stefan Monnier, 2010/09/09
    - bug#6953: 24.0.50; serious security bug in create backup files, Glenn Morris, 2010/09/09
    - bug#6953: 24.0.50; serious security bug in create backup files, Eli Zaretskii, 2010/09/13

Prev by Date: bug#6953: 24.0.50; serious security bug in create backup files
Next by Date: bug#6941: 24.0.50; yank doesn't return latest kill
Previous by thread: bug#6953: 24.0.50; serious security bug in create backup files
Next by thread: bug#6953: 24.0.50; serious security bug in create backup files
Index(es):
- Date
- Thread