From mboxrd@z Thu Jan 1 00:00:00 1970
From: Mark Diekhans
Newsgroups: gmane.emacs.bugs
Subject: bug#6953: 24.0.50; serious security bug in create backup files
Date: Wed, 12 Jan 2011 13:56:03 -0800
Message-ID: <19758.9075.249901.710257@bugle.cse.ucsc.edu>
References: <19757.60209.376657.941833@bugle.cse.ucsc.edu>
To: 6953@debbugs.gnu.org
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="4Nb593CLtx"

--4Nb593CLtx
Content-Type: text/plain; charset=us-ascii Content-Description: message body text Content-Transfer-Encoding: 7bit Attached is a patch that I believe address both the ~/%backup%~ and ~/.emacs.d/ security issues. It works well for me on Linux. Mark --4Nb593CLtx Content-Type: text/plain; name="backup-security.patch" Content-Disposition: inline; filename="backup-security.patch" Content-Transfer-Encoding: 7bit === modified file 'doc/emacs/files.texi' --- doc/emacs/files.texi 2010-07-31 17:13:03 +0000 +++ doc/emacs/files.texi 2011-01-12 21:43:13 +0000 @@ -569,8 +569,8 @@ file for @file{eval.c} would be @file{eval.c~}. If access control stops Emacs from writing backup files under the usual -names, it writes the backup file as @file{%backup%~} in your home -directory. Only one such file can exist, so only the most recently +names, it writes the backup file as @file{~/.emacs.d/%backup%~}. +Only one such file can exist, so only the most recently made such backup is available. Emacs can also make @dfn{numbered backup files}. Numbered backup === modified file 'lisp/files.el' --- lisp/files.el 2011-01-08 21:22:19 +0000 +++ lisp/files.el 2011-01-12 20:55:55 +0000 @@ -3776,9 +3776,7 @@ (setq setmodes (list modes context backupname))) (file-error ;; If trouble writing the backup, write it in ~. - (setq backupname (expand-file-name - (convert-standard-filename - "~/%backup%~"))) + (setq backupname (locate-user-emacs-file "%backup%~")) (message "Cannot write backup file; backing up in %s" backupname) (sleep-for 1) === modified file 'lisp/subr.el' --- lisp/subr.el 2011-01-11 03:23:04 +0000 +++ lisp/subr.el 2011-01-12 20:53:20 +0000 
@@ -2365,7 +2365,12 @@ (or noninteractive purify-flag (file-accessible-directory-p (directory-file-name user-emacs-directory)) - (make-directory user-emacs-directory)) + (let ((umask (default-file-modes))) + (unwind-protect + (progn + (set-default-file-modes ?\700) + (make-directory user-emacs-directory)) + (set-default-file-modes umask)))) (abbreviate-file-name (expand-file-name new-name user-emacs-directory)))))) --4Nb593CLtx--
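
Review bot: In the doc/emacs/files.texi hunk, the new text hard-codes @file{~/.emacs.d/%backup%~}, but the lisp/files.el hunk computes the name with (locate-user-emacs-file "%backup%~"), which the lisp/subr.el context shows is expanded against user-emacs-directory. The manual should describe the location as the user's Emacs directory, giving ~/.emacs.d/ as the usual value, so the text stays correct when that variable points elsewhere.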
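
Review bot: In the lisp/files.el hunk, the fallback now relies on locate-user-emacs-file to provide the directory, yet the context in the lisp/subr.el hunk shows that the directory is not created when noninteractive or purify-flag is set, so backupname can name a file in a directory that does not exist. Either make sure the directory exists at this point or handle that case explicitly. The unchanged comment ";; If trouble writing the backup, write it in ~." is also stale and should say the file goes in the user's Emacs directory.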
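
Review bot: In the lisp/subr.el hunk, the restrictive mode is applied only on the make-directory branch; when file-accessible-directory-p already returns non-nil the existing directory is used as it is, whatever its permissions, so a directory that is already group- or world-writable gets no protection from this change. Consider checking the modes of an existing directory before the fallback backup is written there, and warning or refusing if they are too permissive. Two smaller points: the variable named umask holds the value of default-file-modes, which is a creation mode rather than a mask, so a name such as old-modes would be clearer, and ?\700 would read better as #o700 or with a short comment saying it means rwx for the owner only.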