From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Chong Yidong <cyd@gnu.org>
Newsgroups: gmane.emacs.bugs
Subject: bug#10403: epg--make-temp-file permissions race condition fixes
Date: Sat, 07 Jan 2012 15:12:25 +0800
Message-ID: <87r4zckmue.fsf@gnu.org>
References: <4EFCE840.4000405@cs.ucla.edu>
NNTP-Posting-Host: lo.gmane.org
Mime-Version: 1.0
Content-Type: text/plain
X-Trace: dough.gmane.org 1325920392 18518 80.91.229.12 (7 Jan 2012 07:13:12 GMT)
X-Complaints-To: usenet@dough.gmane.org
NNTP-Posting-Date: Sat, 7 Jan 2012 07:13:12 +0000 (UTC)
Cc: 10403@debbugs.gnu.org, Paul Eggert <eggert@cs.ucla.edu>
To: Daiki Ueno <ueno@unixuser.org>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Sat Jan 07 08:13:07 2012
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane.org
Original-Received: from lists.gnu.org ([140.186.70.17])
	by lo.gmane.org with esmtp (Exim 4.69)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1RjQSf-0005WK-BV
	for geb-bug-gnu-emacs@m.gmane.org; Sat, 07 Jan 2012 08:13:05 +0100
Original-Received: from localhost ([::1]:37983 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1RjQSe-0003ED-Qg
	for geb-bug-gnu-emacs@m.gmane.org; Sat, 07 Jan 2012 02:13:04 -0500
Original-Received: from eggs.gnu.org ([140.186.70.92]:38073)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1RjQSc-0003Dy-2F
	for bug-gnu-emacs@gnu.org; Sat, 07 Jan 2012 02:13:03 -0500
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1RjQSa-0000Rq-VC
	for bug-gnu-emacs@gnu.org; Sat, 07 Jan 2012 02:13:02 -0500
Original-Received: from debbugs.gnu.org ([140.186.70.43]:52954)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1RjQSa-0000Rm-SN
	for bug-gnu-emacs@gnu.org; Sat, 07 Jan 2012 02:13:00 -0500
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.72)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1RjQSb-0001qy-M2
	for bug-gnu-emacs@gnu.org; Sat, 07 Jan 2012 02:13:01 -0500
X-Loop: help-debbugs@gnu.org
Resent-From: Chong Yidong <cyd@gnu.org>
Original-Sender: debbugs-submit-bounces@debbugs.gnu.org
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Sat, 07 Jan 2012 07:13:01 +0000
Resent-Message-ID: <handler.10403.B10403.13259203597093@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 10403
X-GNU-PR-Package: emacs
X-GNU-PR-Keywords: patch
Original-Received: via spool by 10403-submit@debbugs.gnu.org id=B10403.13259203597093
	(code B ref 10403); Sat, 07 Jan 2012 07:13:01 +0000
Original-Received: (at 10403) by debbugs.gnu.org; 7 Jan 2012 07:12:39 +0000
Original-Received: from localhost ([127.0.0.1]:47627 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.72)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1RjQSE-0001qL-RB
	for submit@debbugs.gnu.org; Sat, 07 Jan 2012 02:12:39 -0500
Original-Received: from fencepost.gnu.org ([140.186.70.10]:34896 ident=Debian-exim)
	by debbugs.gnu.org with esmtp (Exim 4.72)
	(envelope-from <cyd@gnu.org>) id 1RjQSB-0001qE-Tr
	for 10403@debbugs.gnu.org; Sat, 07 Jan 2012 02:12:37 -0500
Original-Received: from bb220-255-176-96.singnet.com.sg ([220.255.176.96]:47609
	helo=furball)
	by fencepost.gnu.org with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <cyd@gnu.org>)
	id 1RjQS9-0002rC-AZ; Sat, 07 Jan 2012 02:12:34 -0500
In-Reply-To: <4EFCE840.4000405@cs.ucla.edu> (Paul Eggert's message of "Thu, 29
	Dec 2011 14:22:56 -0800")
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.0.92 (gnu/linux)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.13
Precedence: list
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 2)
X-Received-From: 140.186.70.43
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
	the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-gnu-emacs>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.bugs:55484
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/55484>

Could you review the patch posted by Paul?  Thanks.


Paul Eggert <eggert@cs.ucla.edu> writes:

> === modified file 'lisp/ChangeLog'
> --- lisp/ChangeLog	2011-12-29 21:55:33 +0000
> +++ lisp/ChangeLog	2011-12-29 22:08:29 +0000
> @@ -1,5 +1,8 @@
>  2011-12-29  Paul Eggert  <eggert@cs.ucla.edu>
>  
> +	* epg.el (epg--make-temp-file): Avoid permission race conditions
> +	when creating temporary directories and files on older Emacs.
> +
>  	* files.el (move-file-to-trash): Preserve default file modes on error.
>  	(Bug#10401)
>  
>
> === modified file 'lisp/epg.el'
> --- lisp/epg.el	2011-11-23 07:03:56 +0000
> +++ lisp/epg.el	2011-12-29 22:08:29 +0000
> @@ -1951,14 +1951,16 @@
>  of PREFIX, and expanding against `temporary-file-directory' if necessary),
>  is guaranteed to point to a newly created empty file.
>  You can then use `write-region' to write new data into the file."
> -      (let (tempdir tempfile)
> +      (let (tempdir tempfile orig-modes)
>  	(setq prefix (expand-file-name prefix
>  				       (if (featurep 'xemacs)
>  					   (temp-directory)
>  					 temporary-file-directory)))
> +	(setq orig-modes (default-file-modes))
>  	(unwind-protect
>  	    (let (file)
>  	      ;; First, create a temporary directory.
> +	      (set-default-file-modes #o700)
>  	      (while (condition-case ()
>  			 (progn
>  			   (setq tempdir (make-temp-name
> @@ -1969,14 +1971,12 @@
>  			   (make-directory tempdir))
>  		       ;; let's try again.
>  		       (file-already-exists t)))
> -	      (set-file-modes tempdir 448)
>  	      ;; Second, create a temporary file in the tempdir.
>  	      ;; There *is* a race condition between `make-temp-name'
>  	      ;; and `write-region', but we don't care it since we are
>  	      ;; in a private directory now.
>  	      (setq tempfile (make-temp-name (concat tempdir "/EMU")))
>  	      (write-region "" nil tempfile nil 'silent)
> -	      (set-file-modes tempfile 384)
>  	      ;; Finally, make a hard-link from the tempfile.
>  	      (while (condition-case ()
>  			 (progn
> @@ -1986,6 +1986,7 @@
>  		       ;; let's try again.
>  		       (file-already-exists t)))
>  	      file)
> +	  (set-default-file-modes orig-modes)
>  	  ;; Cleanup the tempfile.
>  	  (and tempfile
>  	       (file-exists-p tempfile)