From: Michael Albinus
Newsgroups: gmane.emacs.bugs
Subject: bug#45245: 28.0.50; Feature request: tramp sudo autosaves/backups shouldn't be exposed without right config
Date: Mon, 14 Jun 2021 11:39:42 +0200
Message-ID: <877diwlr8h.fsf@gmx.de>
References: <8c7e2715-a54a-3c3c-c644-a20ee46cc39d@gmail.com>
Cc: 45245@debbugs.gnu.org
To: Vandrus Zoltán

Vandrus Zoltán writes:

Hi Zoltán,

> It's mentioned in (tramp)Auto-save and Backup that root owned file
> could be exposed, but it would be more newbie friendly if emacs did
> the right thing without configuration. The defaults for backups are
> fine, but for autosaves are not. In emacs -Q after:
>
> C-x C-f /sudo::/tmp/secretfile
> M-x do-auto-save
>
> There is a file '/tmp/#!sudo:root@hostname:!tmp!secretfile#' owned by
> the user.
>
> Even if the defaults are fixed, there are problems. Protecting root
> owned files is somewhat complicated. For example the user might not
> use tramp from the beginning, but littering directories with backups
> and autosaves files are easily seen and can be annoying enough to look
> for a solution. Looking on the net the suggested code is some variant
> of
>
>     (setq auto-save-file-name-transforms
>           `((".*" ,auto-save-dir t)))
>
>     (setq backup-directory-alist
>           `(("." . ,backup-dir)))
>
> And then they are fine, until they start to use tramp, because the
> autosaves/backups will be owned by the normal user even for sudo and
> su methods.
> For backups following the tramp manual is easy:
>
>     (customize-set-variable
>      'tramp-backup-directory-alist backup-directory-alist)
>
> But the user could have forgotten already about the problem and never
> look there. For autosaves there is not even info on how to achieve
> something sensible.
>
> I suggest, that tramp could refuse exposing root-owned files or there
> could be an easier switch to put all autosaves/backup in the same
> directory which also deals with tramp.
>
> There is also a comparably minor problem of exposing the file name in
> the autosave files.

Finally, I've found the time to work on the problem. I've pushed a patch
to master, that Tramp asks for confirmation for the first time a
root-owned auto-save or backup file name is to be written to the local
temporary directory. This is the most common case to handle.

See also the Tramp manual patch about.

Best regards, Michael.
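
Added example (not part of the original message and not Tramp's own code): a Python check that looks in a directory such as /tmp for auto-save files of sudo/su buffers, using the file name shown in the report, and flags those not owned by root or readable by group/others. The decoding rule ('/' written as '!', a literal '!' doubled) is how Emacs builds these names under the default auto-save-file-name-transforms; the function names are made up for this example.

```python
import os
import re
import stat
import tempfile

# Auto-save name Emacs gives a remote buffer under the default transforms:
# '#' + Tramp file name with '/' -> '!' (a literal '!' is doubled) + '#'.
AUTOSAVE_RE = re.compile(r"^#(!(?:sudo|su):[^!]*:!.*)#$")

def decode_autosave_name(name):
    """Return (method, user_host, remote_path), or None for other files."""
    m = AUTOSAVE_RE.match(name)
    if not m:
        return None
    # Undo the escaping: '!!' is a literal '!', a single '!' is '/'.
    decoded = re.sub(r"!!|!", lambda x: "!" if x.group() == "!!" else "/",
                     m.group(1))
    method, user_host, path = decoded[1:].split(":", 2)
    return method, user_host, path

def find_exposed_autosaves(directory):
    """Report sudo/su auto-saves that someone other than root can read."""
    findings = []
    for entry in os.scandir(directory):
        parsed = decode_autosave_name(entry.name)
        if parsed is None or not entry.is_file(follow_symlinks=False):
            continue
        st = entry.stat(follow_symlinks=False)
        # Exposed if not owned by root, or readable by group or others.
        if st.st_uid != 0 or st.st_mode & (stat.S_IRGRP | stat.S_IROTH):
            findings.append({"file": entry.path, "method": parsed[0],
                             "remote_path": parsed[2], "owner_uid": st.st_uid,
                             "mode": oct(stat.S_IMODE(st.st_mode))})
    return findings

if __name__ == "__main__":
    # Constructed sample: the file name from the report, in a scratch directory.
    with tempfile.TemporaryDirectory() as tmp:
        for name in ("#!sudo:root@hostname:!tmp!secretfile#", "#notes.txt#"):
            with open(os.path.join(tmp, name), "w") as fh:
                fh.write("constructed sample\n")
        for finding in find_exposed_autosaves(tmp):
            print(finding)
```

Plain local auto-saves such as '#notes.txt#' are skipped; only names that decode to a sudo or su Tramp file name are reported.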