bug-gnu-emacs

bug#6953: 24.0.50; serious security bug in create backup files


From: Mark Diekhans
Subject: bug#6953: 24.0.50; serious security bug in create backup files
Date: Wed, 12 Jan 2011 13:56:03 -0800

Attached is a patch that I believe addresses both the ~/%backup%~ and
~/.emacs.d/ security issues.  It works well for me on Linux.

Mark

=== modified file 'doc/emacs/files.texi'
--- doc/emacs/files.texi        2010-07-31 17:13:03 +0000
+++ doc/emacs/files.texi        2011-01-12 21:43:13 +0000
@@ -569,8 +569,8 @@
 file for @file{eval.c} would be @file{eval.c~}.
 
   If access control stops Emacs from writing backup files under the usual
-names, it writes the backup file as @file{%backup%~} in your home
-directory.  Only one such file can exist, so only the most recently
+names, it writes the backup file as @file{~/.emacs.d/%backup%~}.
+Only one such file can exist, so only the most recently
 made such backup is available.
 
   Emacs can also make @dfn{numbered backup files}.  Numbered backup
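
Review bot: The new sentence hard-codes @file{~/.emacs.d/%backup%~}, but the files.el change in this patch builds the name with locate-user-emacs-file, which expands against user-emacs-directory, so the documented path is wrong whenever that variable points elsewhere. Suggest wording along the lines of "in your Emacs user directory (normally @file{~/.emacs.d/})". Since this is a security fix, it would also help to say that the directory is created accessible only to its owner.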

=== modified file 'lisp/files.el'
--- lisp/files.el       2011-01-08 21:22:19 +0000
+++ lisp/files.el       2011-01-12 20:55:55 +0000
@@ -3776,9 +3776,7 @@
                        (setq setmodes (list modes context backupname)))
                    (file-error
                     ;; If trouble writing the backup, write it in ~.
-                    (setq backupname (expand-file-name
-                                      (convert-standard-filename
-                                       "~/%backup%~")))
+                    (setq backupname (locate-user-emacs-file "%backup%~"))
                     (message "Cannot write backup file; backing up in %s"
                              backupname)
                     (sleep-for 1)
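
Review bot: The unchanged comment just above the new line still reads ";; If trouble writing the backup, write it in ~.", which no longer describes the target; please update it to name the user Emacs directory. Also, per the subr.el hunk in this patch, locate-user-emacs-file skips make-directory when noninteractive or purify-flag is set, so in a batch session the returned name can sit in a directory that does not exist. That case should be checked before the backup is written there.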

=== modified file 'lisp/subr.el'
--- lisp/subr.el        2011-01-11 03:23:04 +0000
+++ lisp/subr.el        2011-01-12 20:53:20 +0000
@@ -2365,7 +2365,12 @@
        (or noninteractive
           purify-flag
           (file-accessible-directory-p (directory-file-name 
user-emacs-directory))
-          (make-directory user-emacs-directory))
+           (let ((umask (default-file-modes)))
+             (unwind-protect
+                 (progn
+                   (set-default-file-modes ?\700)
+                   (make-directory user-emacs-directory))
+               (set-default-file-modes umask))))
        (abbreviate-file-name
         (expand-file-name new-name user-emacs-directory))))))
 
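
Review bot: The 700 mode is applied only on the make-directory branch; when file-accessible-directory-p already succeeds, the "or" short-circuits, so an existing user-emacs-directory with group or world access is used as is and the fallback backup still lands in a directory others can read. Consider checking the mode of an existing directory too, and tightening it or at least warning. Minor: "?\700" relies on a character escape to produce the integer, and "#o700" says the same thing more plainly; the saved value is the default file modes rather than a umask, so a name such as old-modes would read better.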

