From: Glenn Morris <rgm@gnu.org>
To: 29182@debbugs.gnu.org
Subject: bug#29182: CVE-2017-1000383: umask and backup files
Date: Mon, 06 Nov 2017 20:57:26 -0500
Message-ID: <6tefpag8ah.fsf@fencepost.gnu.org>
In-Reply-To: <v4lq7ysu5.fsf@fencepost.gnu.org> (Glenn Morris's message of "Mon, 06 Nov 2017 16:56:18 -0500")

I think the actual complaint appears at http://seclists.org/oss-sec/2017/q4/159
and could be summarized as "if you create a file, then make your umask
more restrictive, then edit it with Emacs, the backup file inherits the
same permissions as the original file, not the more restrictive umask
permissions".

Eg:

  umask 002
  touch foo
  ls -l foo # -> -rw-rw-r--
  umask 007
  emacs-25.3 -Q foo
  make some changes and save
  touch foo2
  ls -l foo*

  foo -rw-rw-r--.
  foo~ -rw-rw-r--.
  foo2 -rw-rw----.

(With backup-by-copying non-nil, the result is the same.)

I don't really know what my opinion of this issue is...
I imagine I would have made the same reply as
http://seclists.org/oss-sec/2017/q4/184

  [Emacs] copies the permission from the file being edited. Although the
  [backup] file is readable by others this does not leak any information
  here, since the file being edited is already readable by others.

but this is dismissed with:

  ...it doesn't matter because a security assertion made via umask is
  being violated, so it wins a CVE. Also for example if you later delete
  that file and think you're safe the copy is still floating around
  world readable. Or you have something indexing the files and ignoring
  that file type, and the [~] gets indexed, and so on.

Anyway, you can probably find every shade of opinion on what to do about
this already expressed in that oss-sec thread or the related vim one.

I think I've found it useful many, many times that ~ files have the same
permissions as the originals.
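
Added example (not part of the message above and not Emacs code): a shell audit for the situation the message describes, listing backup files (*~) that carry permission bits the current umask would have masked, plus a helper that clears only those bits. The function names are hypothetical, GNU or BusyBox stat is assumed, and the demo simulates the editor's backup with cp -p.

```sh
#!/bin/sh
# Added example, not part of the original message.
# Assumes GNU or BusyBox stat (-c '%a'); file names without newlines.

# Print, in octal, the permission bits FILE has that the current umask
# would have masked off for a newly created file (0 = complies).
excess_bits() {
    mode=$(stat -c '%a' -- "$1") || return 1
    mask=$(umask)
    # A leading 0 makes shell arithmetic read the digits as octal.
    printf '%o\n' $(( 0$mode & 0$mask & 0777 ))
}

# List "EXCESS PATH" for every backup file (*~) under DIR that is more
# permissive than the current umask allows.
audit_backups() {
    find "$1" -type f -name '*~' | while IFS= read -r f; do
        x=$(excess_bits "$f") || continue
        [ "$x" = 0 ] || printf '%s %s\n' "$x" "$f"
    done
}

# Clear only the excess bits on FILE, leaving every other bit alone.
tighten() {
    mode=$(stat -c '%a' -- "$1") || return 1
    mask=$(umask)
    chmod "$(printf '%o' $(( 0$mode & ~0$mask & 07777 )))" -- "$1"
}

# Constructed scenario mirroring the message: cp -p stands in for the
# editor writing foo~ with the permissions of foo.
demo() (
    d=$(mktemp -d) && cd "$d" || exit 1
    umask 002; touch foo
    cp -p foo 'foo~'
    umask 007; touch 'foo2~'
    audit_backups .
    cd / && rm -rf "$d"
)

demo
```

Run audit_backups under the umask you currently rely on; tighten changes a file only when it is called on that file explicitly.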