bug-gnu-emacs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#6953: 24.0.50; serious security bug in create backup files


From: Glenn Morris
Subject: bug#6953: 24.0.50; serious security bug in create backup files
Date: Thu, 02 Sep 2010 03:58:26 -0400
User-agent: Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/)

markd@soe.ucsc.edu wrote:

> Oh, wait, it doesn't look like there is a problem with your patch,
> only the comment ;-)   backup-buffer-copy says:
>
>         ;; Create temp files with strict access rights.  It's easy to
>         ;; loosen them later, whereas it's impossible to close the
>         ;; time-window of loose permissions otherwise.

I don't know what this comment means. There are no "temp files" AFAICS
(unless copy-file creates some internally). I think this comment may
be a leftover from when this code used write-region rather than
copy-file. Indeed the whole mode-changing bit may be as well. C-h f
copy-file says: "This function always sets the file modes of the
output file to match the input file."

Eg:

touch ~/1
chmod 644 ~/1
(set-default-file-modes ?\700)
(copy-file "~/1" "~/2" t t t)
ls -l ~/2  # -> world readable





reply via email to

[Prev in Thread] Current Thread [Next in Thread]