[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Curious permission problem
|
From: |
Michael Albinus |
|
Subject: |
Re: Curious permission problem |
|
Date: |
Wed, 17 Feb 2010 15:32:52 +0100 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/23.1.92 (gnu/linux) |
Ole Laursen <address@hidden> writes:
> (defun tramp-default-file-modes (filename)
> (tramp-octal-to-decimal "0666"))
That's a security threat. You might open root owned files from a remote
server. Everybody can read those file on your local server, from the
tmp directory.
>> And yes, I believe Emacs shall follow file system conventions.
>> Otherwise, it would bypass the given security level, which might result
>> in undesired weaknesses.
>
> As I see it, the problem is that you can't just map the permissions
> directly from one system to another system because the users aren't
> the same on the two? Actually, from a security point of view, the only
> thing I care about is that nobody else on my local machine can
> accidentally read the file, unless they can also read it on the remote
> machine. Are there any other goals?
That's the major point, yes.
Using the same file permissions on different machines, for different
users, is a weakness in Tramp. OTOH, it makes sense, if you use your own
identity on different machines, even if the user names are
different.
Hmm. Other programs, like "scp -p", do the same.
Maybe we shall add an option to Tramp, that all group and world
permissions are nuked when copying. So you can decide how to do it.
>> PS: does the patch works for you, reading that file?
>
> I don't have a development environment handy so I haven't figured out
> how to test it yet. If you can attach the whole function, then I can
> just override it from my .emacs, that would make it a bit easier?
--8<---------------cut here---------------start------------->8---
(defun tramp-handle-insert-file-contents
(filename &optional visit beg end replace)
"Like `insert-file-contents' for Tramp files."
(barf-if-buffer-read-only)
(setq filename (expand-file-name filename))
(let (coding-system-used result local-copy remote-copy)
(with-parsed-tramp-file-name filename nil
(unwind-protect
(if (not (file-exists-p filename))
;; We don't raise a Tramp error, because it might be
;; suppressed, like in `find-file-noselect-1'.
(signal 'file-error
(list "File not found on remote host" filename))
(if (and (tramp-local-host-p v)
(let (file-name-handler-alist)
(file-readable-p localname)))
;; Short track: if we are on the local host, we can
;; run directly.
(setq result
(tramp-run-real-handler
'insert-file-contents
(list localname visit beg end replace)))
;; When we shall insert only a part of the file, we copy
;; this part.
(when (or beg end)
(setq remote-copy (tramp-make-tramp-temp-file v))
(tramp-send-command
v
(cond
((and beg end)
(format "tail -c +%d %s | head -c +%d >%s"
(1+ beg) (tramp-shell-quote-argument localname)
(- end beg) remote-copy))
(beg
(format "tail -c +%d %s >%s"
(1+ beg) (tramp-shell-quote-argument localname)
remote-copy))
(end
(format "head -c +%d %s >%s"
(1+ end) (tramp-shell-quote-argument localname)
remote-copy)))))
;; `insert-file-contents-literally' takes care to avoid
;; calling jka-compr. By let-binding
;; `inhibit-file-name-operation', we propagate that care
;; to the `file-local-copy' operation.
(setq local-copy
(let ((inhibit-file-name-operation
(when (eq inhibit-file-name-operation
'insert-file-contents)
'file-local-copy)))
(cond
((stringp remote-copy)
(file-local-copy
(tramp-make-tramp-file-name
method user host remote-copy)))
((stringp tramp-temp-buffer-file-name)
(copy-file filename tramp-temp-buffer-file-name 'ok)
tramp-temp-buffer-file-name)
(t (file-local-copy filename)))))
;; When the file is not readable for the owner, it
;; cannot be inserted, even it is redable for the group
;; or for everybody.
(set-file-modes local-copy (tramp-octal-to-decimal "0600"))
(when (and (null remote-copy)
(tramp-get-method-parameter
method 'tramp-copy-keep-tmpfile))
;; We keep the local file for performance reasons,
;; useful for "rsync".
(setq tramp-temp-buffer-file-name local-copy)
(put 'tramp-temp-buffer-file-name 'permanent-local t))
(tramp-message
v 4 "Inserting local temp file `%s'..." local-copy)
;; We must ensure that `file-coding-system-alist'
;; matches `local-copy'.
(let ((file-coding-system-alist
(tramp-find-file-name-coding-system-alist
filename local-copy)))
(setq result
(insert-file-contents
local-copy nil nil nil replace))
;; Now `last-coding-system-used' has right value.
;; Remember it.
(when (boundp 'last-coding-system-used)
(setq coding-system-used
(symbol-value 'last-coding-system-used))))
(tramp-message
v 4 "Inserting local temp file `%s'...done" local-copy)
(when (boundp 'last-coding-system-used)
(set 'last-coding-system-used coding-system-used))))
;; Save exit.
(progn
(when visit
(setq buffer-file-name filename)
(setq buffer-read-only (not (file-writable-p filename)))
(set-visited-file-modtime)
(set-buffer-modified-p nil))
(when (and (stringp local-copy)
(or remote-copy (null tramp-temp-buffer-file-name)))
(delete-file local-copy))
(when (stringp remote-copy)
(delete-file
(tramp-make-tramp-file-name method user host remote-copy))))))
;; Result.
(list (expand-file-name filename)
(cadr result))))
--8<---------------cut here---------------end--------------->8---
> Ole
Best regards, Michael.
- Curious permission problem, Ole Laursen, 2010/02/17
- Re: Curious permission problem, Ole Laursen, 2010/02/17
- Re: Curious permission problem, Michael Albinus, 2010/02/17
- Re: Curious permission problem, Ole Laursen, 2010/02/17
- Re: Curious permission problem, Michael Albinus, 2010/02/17
- Re: Curious permission problem, Ole Laursen, 2010/02/17
- Re: Curious permission problem,
Michael Albinus <=
- Re: Curious permission problem, Ole Laursen, 2010/02/18
- Re: Curious permission problem, Michael Albinus, 2010/02/18
- Re: Curious permission problem, Ole Laursen, 2010/02/18
- Re: Curious permission problem, Michael Albinus, 2010/02/22
- Re: Curious permission problem, Ole Laursen, 2010/02/22
Re: Curious permission problem, Michael Albinus, 2010/02/17