emacs-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: creating backups in temporary directories


From: Stefan Monnier
Subject: Re: creating backups in temporary directories
Date: Sun, 09 Sep 2007 15:44:56 -0400
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/23.0.50 (gnu/linux)

>     IIUC this depends on backup-by-copying.  If backup-by-copying is nil,
>     then the problem is indeed not present, but you get another one
>     insted: right after Emacs moves /tmp/foo to /tmp/foo~ another user can
>     add a symlink /tmp/foo that points to an interesting place and then
>     when Emacs subsequently writes the new /tmp/foo it gets written to the
>     location chosen by the attacker.

> I think we can't do anything to get rid of that problem.

I'd tend to agree.

> Writing thru symlinks is an important feature;

Very much so.

> if other people can create the symlink, it follows inevitably that they
> could do this.

In a directory with mode 777, that's true: everything is dangerous.
But in a directory with mode 1777 when you open a file that *you* own,
nobody else can remove it or rename it, so normally nobody can replace it
with a symlink.  Emacs creates the problem when it moves /tmp/foo to
/tmp/foo~ at which point /tmp/foo is free for an attacker to take.


        Stefan




reply via email to

[Prev in Thread] Current Thread [Next in Thread]