From: markd@soe.ucsc.edu
Newsgroups: gmane.emacs.bugs
Subject: bug#6953: 24.0.50; serious security bug in create backup files
Date: Wed, 29 Sep 2010 07:25:31 -0700
Message-ID: <19619.19547.22642.802345@bugle.cse.ucsc.edu>
To: rms@gnu.org
Cc: 6953@debbugs.gnu.org, Chong Yidong
Just to clarify, this is the fallback backup file, ~/%backup%~, not backup files in general. The current approach provides a very limited and arbitrary approach to preventing data loss:

- there is only one ~/%backup%~, so it's arbitrary from the user's perspective which buffer actually gets a fallback backup.
- there is no control over where this is saved; it may very well be the file system where the primary backup file could not be created due to lack of disk space.

In my experience of over 20 years of using emacs, this has never been of any value. The downside of the current implementation is extremely serious, potentially exposing private or sensitive data to all users of the file system. In my case, exposing a mail box to hundreds of users. I would argue that this is a far more serious problem than the very limited data loss prevention provided by the current implementation.

Thanks much for how seriously this is being taken,

mark

Richard Stallman writes:
> > Do you mean, make no backup file at all.
>
> Yeah.
>
> To make no backup file seems like a gross insecurity to me.
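The exposure described in this message is that a fallback backup of an arbitrary buffer lands in ~/%backup%~ where other users of the same file system can read it. The script below is an added example for this thread, not Emacs code and not something from the bug report: it audits a set of home directories for fallback backup files whose mode bits grant read access to group or others, lists them, and can tighten them to mode 600. It assumes the exposure is through the file's permission bits (which the report's "all users of the file system" implies) and that the home directories to check are passed as arguments; `/home/*` in the usage line is only a constructed default.

```sh
#!/bin/sh
# Audit Emacs fallback backup files (~/%backup%~) for permissions that let
# other users of the file system read their contents.
# Added example for bug#6953; assumes exposure is via group/other read bits.

# Print the octal permission bits of a file (GNU stat first, BSD stat fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed (exit 0) if the file is readable by its group or by others.
# The last octal digit is "other", the one before it is "group"; a read bit
# is set when the digit is 4, 5, 6 or 7.
is_exposed() {
    mode=$(file_mode "$1") || return 2
    other=${mode#"${mode%?}"}
    rest=${mode%?}
    group=${rest#"${rest%?}"}
    case "$group$other" in
        *[4567]*) return 0 ;;
        *) return 1 ;;
    esac
}

# For each home directory given, print the path of its %backup%~ file if that
# file is exposed. Exit status 0 means nothing exposed was found.
audit_fallback_backups() {
    exposed=0
    for home in "$@"; do
        f="$home/%backup%~"
        [ -f "$f" ] || continue
        if is_exposed "$f"; then
            echo "$f"
            exposed=$((exposed + 1))
        fi
    done
    [ "$exposed" -eq 0 ]
}

# Mitigation: restrict an exposed fallback backup to its owner only.
fix_fallback_backup() {
    chmod 600 "$1"
}

# Usage: ./audit-fallback-backups.sh /home/*   (directories are an assumption)
if [ "$#" -gt 0 ]; then
    audit_fallback_backups "$@"
fi
```

Run it as root (or as any user who can stat the files) over the home directories on a shared file system; a non-zero exit status from the audit function means at least one exposed fallback backup was found, and `fix_fallback_backup` applies the same owner-only mode the report is asking Emacs to use when it writes the file.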