Re: backup method

emacs-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: backup method

From:	Han Boetes
Subject:	Re: backup method
Date:	Sun, 30 Jan 2005 22:51:46 +0059
User-agent:	Mutt/1.5.6i

Stefan Monnier wrote:
> Han Boetes wrote:
> > So I suggest not making backupfiles in world-writable
> > directories.
>
> Agreed. It's a security hole since the backup file name is
> predictable.
>
> > At least not in the world-writable directory itself. I setup
> > ~/.tmp/backups as my backups dir here.
>
> Of course the deciding factor is whether the directory where the
> backup file will be put is world-writable.

Of course this problem applies to multiple editors. I also
mentioned this problem to the OpenBSD-project regarding ``mg'' a
mini emacs-clone. And they also recognized the problem. Todd
Miller had the following to say:

Todd Miller wrote:
> I don't think this is the best way to do it. I think what we
> really want is to use mkstemp() to create the temp file and then
> just rename() it to the predictable name. If the rename fails,
> we know someone is trying to attach us. If not, we are safe.

Which is of course an elegant way to solve the whole business.

Check this URL for the whole thread:

  http://marc.theaimsgroup.com/?t=110708237600001&r=1&w=2



# Han

[Prev in Thread]

Current Thread

[Next in Thread]

Re: backup method, (continued)

Prev by Date: Re: New undo element (fun . args)
Next by Date: Re: Customize buttons that change user's custom file should ask forconfirmation
Previous by thread: Re: backup method
Next by thread: Re: backup method
Index(es):
- Date
- Thread