* bug#17187: 24.3.50.1 open-dribble-file stores pw @ 2014-04-04 17:35 Andreas Röhler 2014-04-04 21:42 ` Glenn Morris 0 siblings, 1 reply; 15+ messages in thread From: Andreas Röhler @ 2014-04-04 17:35 UTC (permalink / raw) To: 17187 Emacs -Q from 2014-02-19 Passwort gets stored in plain text ^ permalink raw reply [flat|nested] 15+ messages in thread
* bug#17187: 24.3.50.1 open-dribble-file stores pw 2014-04-04 17:35 bug#17187: 24.3.50.1 open-dribble-file stores pw Andreas Röhler @ 2014-04-04 21:42 ` Glenn Morris 2014-04-05 7:54 ` Andreas Röhler ` (2 more replies) 0 siblings, 3 replies; 15+ messages in thread From: Glenn Morris @ 2014-04-04 21:42 UTC (permalink / raw) To: 17187 As suggested a decade ago, http://lists.gnu.org/archive/html/emacs-pretest-bug/2003-10/msg00229.html the dribble file should be created with file permission bits = 600. ^ permalink raw reply [flat|nested] 15+ messages in thread
* bug#17187: 24.3.50.1 open-dribble-file stores pw 2014-04-04 21:42 ` Glenn Morris @ 2014-04-05 7:54 ` Andreas Röhler 2014-04-05 7:58 ` Andreas Röhler 2014-04-05 15:50 ` Stefan Monnier 2 siblings, 0 replies; 15+ messages in thread From: Andreas Röhler @ 2014-04-05 7:54 UTC (permalink / raw) To: 17187 Am 04.04.2014 23:42, schrieb Glenn Morris: > > As suggested a decade ago, > > http://lists.gnu.org/archive/html/emacs-pretest-bug/2003-10/msg00229.html > > the dribble file should be created with file permission bits = 600. So why Emacs doesn't set permissions accordingly? ^ permalink raw reply [flat|nested] 15+ messages in thread
* bug#17187: 24.3.50.1 open-dribble-file stores pw 2014-04-04 21:42 ` Glenn Morris 2014-04-05 7:54 ` Andreas Röhler @ 2014-04-05 7:58 ` Andreas Röhler 2014-04-05 15:50 ` Stefan Monnier 2 siblings, 0 replies; 15+ messages in thread From: Andreas Röhler @ 2014-04-05 7:58 UTC (permalink / raw) To: 17187 Am 04.04.2014 23:42, schrieb Glenn Morris: > > As suggested a decade ago, > > http://lists.gnu.org/archive/html/emacs-pretest-bug/2003-10/msg00229.html > > the dribble file should be created with file permission bits = 600. > BTW IMHO it's a serious security-hole, should be flagged accordingly. There will be numerous users with these kind of stuff during session. ^ permalink raw reply [flat|nested] 15+ messages in thread
* bug#17187: 24.3.50.1 open-dribble-file stores pw 2014-04-04 21:42 ` Glenn Morris 2014-04-05 7:54 ` Andreas Röhler 2014-04-05 7:58 ` Andreas Röhler @ 2014-04-05 15:50 ` Stefan Monnier 2014-04-05 16:37 ` Andreas Röhler 2014-04-05 17:22 ` Glenn Morris 2 siblings, 2 replies; 15+ messages in thread From: Stefan Monnier @ 2014-04-05 15:50 UTC (permalink / raw) To: Glenn Morris; +Cc: 17187 severity 17187 important thanks > As suggested a decade ago, > http://lists.gnu.org/archive/html/emacs-pretest-bug/2003-10/msg00229.html > the dribble file should be created with file permission bits = 600. Very much agreed. Stefan ^ permalink raw reply [flat|nested] 15+ messages in thread
* bug#17187: 24.3.50.1 open-dribble-file stores pw 2014-04-05 15:50 ` Stefan Monnier @ 2014-04-05 16:37 ` Andreas Röhler 2014-04-05 16:55 ` Andreas Schwab 2014-04-05 17:22 ` Glenn Morris 1 sibling, 1 reply; 15+ messages in thread From: Andreas Röhler @ 2014-04-05 16:37 UTC (permalink / raw) To: 17187 Am 05.04.2014 17:50, schrieb Stefan Monnier: > severity 17187 important > thanks > >> As suggested a decade ago, >> http://lists.gnu.org/archive/html/emacs-pretest-bug/2003-10/msg00229.html >> the dribble file should be created with file permission bits = 600. > > Very much agreed. > > > Stefan > Will that solve the matter already? IMO a pw should never be stored as plain-text. File-permissions are not considered save in that context. Should be a way to replace the chars by "*" for example before writing it. Andreas ^ permalink raw reply [flat|nested] 15+ messages in thread
* bug#17187: 24.3.50.1 open-dribble-file stores pw 2014-04-05 16:37 ` Andreas Röhler @ 2014-04-05 16:55 ` Andreas Schwab 2014-04-05 18:07 ` Andreas Röhler 0 siblings, 1 reply; 15+ messages in thread From: Andreas Schwab @ 2014-04-05 16:55 UTC (permalink / raw) To: Andreas Röhler; +Cc: 17187 Andreas Röhler <andreas.roehler@easy-emacs.de> writes: > Will that solve the matter already? IMO a pw should never be stored as plain-text. The dribble file does not know what a password is. Andreas. -- Andreas Schwab, schwab@linux-m68k.org GPG Key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5 "And now for something completely different." ^ permalink raw reply [flat|nested] 15+ messages in thread
* bug#17187: 24.3.50.1 open-dribble-file stores pw 2014-04-05 16:55 ` Andreas Schwab @ 2014-04-05 18:07 ` Andreas Röhler 2014-04-05 19:24 ` Andreas Schwab 0 siblings, 1 reply; 15+ messages in thread From: Andreas Röhler @ 2014-04-05 18:07 UTC (permalink / raw) To: Andreas Schwab; +Cc: 17187 Am 05.04.2014 18:55, schrieb Andreas Schwab: > Andreas Röhler <andreas.roehler@easy-emacs.de> writes: > >> Will that solve the matter already? IMO a pw should never be stored as plain-text. > > The dribble file does not know what a password is. > > Andreas. > As Emacs shell sent as prompt for pw, at least Emacs knows. All remains to do is to ship that info. ^ permalink raw reply [flat|nested] 15+ messages in thread
* bug#17187: 24.3.50.1 open-dribble-file stores pw 2014-04-05 18:07 ` Andreas Röhler @ 2014-04-05 19:24 ` Andreas Schwab 0 siblings, 0 replies; 15+ messages in thread From: Andreas Schwab @ 2014-04-05 19:24 UTC (permalink / raw) To: Andreas Röhler; +Cc: 17187 Andreas Röhler <andreas.roehler@easy-emacs.de> writes: > Am 05.04.2014 18:55, schrieb Andreas Schwab: >> Andreas Röhler <andreas.roehler@easy-emacs.de> writes: >> >>> Will that solve the matter already? IMO a pw should never be stored as plain-text. >> >> The dribble file does not know what a password is. >> >> Andreas. >> > > As Emacs shell sent as prompt for pw, at least Emacs knows. Not at this level. Andreas. -- Andreas Schwab, schwab@linux-m68k.org GPG Key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5 "And now for something completely different." ^ permalink raw reply [flat|nested] 15+ messages in thread
* bug#17187: 24.3.50.1 open-dribble-file stores pw 2014-04-05 15:50 ` Stefan Monnier 2014-04-05 16:37 ` Andreas Röhler @ 2014-04-05 17:22 ` Glenn Morris 2014-04-05 22:02 ` Stefan Monnier 1 sibling, 1 reply; 15+ messages in thread From: Glenn Morris @ 2014-04-05 17:22 UTC (permalink / raw) To: Stefan Monnier; +Cc: 17187 Stefan Monnier wrote: >> As suggested a decade ago, >> http://lists.gnu.org/archive/html/emacs-pretest-bug/2003-10/msg00229.html >> the dribble file should be created with file permission bits = 600. > > Very much agreed. PS maybe it should also abort with an error if the file already exists (and is a symlink or is not owned by the current user?). ^ permalink raw reply [flat|nested] 15+ messages in thread
* bug#17187: 24.3.50.1 open-dribble-file stores pw 2014-04-05 17:22 ` Glenn Morris @ 2014-04-05 22:02 ` Stefan Monnier 2014-04-05 23:01 ` Glenn Morris 0 siblings, 1 reply; 15+ messages in thread From: Stefan Monnier @ 2014-04-05 22:02 UTC (permalink / raw) To: Glenn Morris; +Cc: 17187 >>> As suggested a decade ago, >>> http://lists.gnu.org/archive/html/emacs-pretest-bug/2003-10/msg00229.html >>> the dribble file should be created with file permission bits = 600. >> Very much agreed. > PS maybe it should also abort with an error if the file already exists > (and is a symlink or is not owned by the current user?). You mean it should be created with EXCL? Maybe. Then again, AFAIK this is only used for debugging purposes, so I'm not sure it's that important and you could assume that the user will normally specify a file in a directory she owns, where the attacker shouldn't be able to place a surreptitious symlink. Stefan ^ permalink raw reply [flat|nested] 15+ messages in thread
* bug#17187: 24.3.50.1 open-dribble-file stores pw 2014-04-05 22:02 ` Stefan Monnier @ 2014-04-05 23:01 ` Glenn Morris 2014-04-05 23:14 ` Daniel Colascione 2014-04-11 5:49 ` Glenn Morris 0 siblings, 2 replies; 15+ messages in thread From: Glenn Morris @ 2014-04-05 23:01 UTC (permalink / raw) To: Stefan Monnier; +Cc: 17187 Lightly tested: *** src/keyboard.c 2014-04-05 18:33:55 +0000 --- src/keyboard.c 2014-04-05 22:59:00 +0000 *************** *** 20,25 **** --- 20,26 ---- #include <config.h> #include "sysstdio.h" + #include <sys/stat.h> #include "lisp.h" #include "termchar.h" *************** *** 10085,10092 **** } if (!NILP (file)) { file = Fexpand_file_name (file, Qnil); ! dribble = emacs_fopen (SSDATA (file), "w"); if (dribble == 0) report_file_error ("Opening dribble", file); } --- 10086,10100 ---- } if (!NILP (file)) { + int fd; file = Fexpand_file_name (file, Qnil); ! if (! NILP (Ffile_exists_p (file))) ! { ! if (chmod (SSDATA (file), 0600) < 0) ! report_file_error ("Doing chmod", file); ! } ! fd = emacs_open (SSDATA (file), O_WRONLY | O_CREAT | O_TRUNC, 0600); ! dribble = fd < 0 ? 0 : fdopen (fd, "w"); if (dribble == 0) report_file_error ("Opening dribble", file); } ^ permalink raw reply [flat|nested] 15+ messages in thread
* bug#17187: 24.3.50.1 open-dribble-file stores pw 2014-04-05 23:01 ` Glenn Morris @ 2014-04-05 23:14 ` Daniel Colascione 2014-04-06 2:05 ` Glenn Morris 2014-04-11 5:49 ` Glenn Morris 1 sibling, 1 reply; 15+ messages in thread From: Daniel Colascione @ 2014-04-05 23:14 UTC (permalink / raw) To: Glenn Morris, Stefan Monnier; +Cc: 17187 [-- Attachment #1: Type: text/plain, Size: 934 bytes --] On 04/05/2014 04:01 PM, Glenn Morris wrote: > *************** > *** 10085,10092 **** > } > if (!NILP (file)) > { > file = Fexpand_file_name (file, Qnil); > ! dribble = emacs_fopen (SSDATA (file), "w"); > if (dribble == 0) > report_file_error ("Opening dribble", file); > } > --- 10086,10100 ---- > } > if (!NILP (file)) > { > + int fd; > file = Fexpand_file_name (file, Qnil); > ! if (! NILP (Ffile_exists_p (file))) > ! { > ! if (chmod (SSDATA (file), 0600) < 0) > ! report_file_error ("Doing chmod", file); > ! } > ! fd = emacs_open (SSDATA (file), O_WRONLY | O_CREAT | O_TRUNC, 0600); > ! dribble = fd < 0 ? 0 : fdopen (fd, "w"); > if (dribble == 0) That's racy. What about using fchmod and falling back to post-open chmod for systems that don't have fchmod? [-- Attachment #2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 901 bytes --] ^ permalink raw reply [flat|nested] 15+ messages in thread
* bug#17187: 24.3.50.1 open-dribble-file stores pw 2014-04-05 23:14 ` Daniel Colascione @ 2014-04-06 2:05 ` Glenn Morris 0 siblings, 0 replies; 15+ messages in thread From: Glenn Morris @ 2014-04-06 2:05 UTC (permalink / raw) To: Daniel Colascione; +Cc: 17187 Daniel Colascione wrote: > That's racy. What about using fchmod and falling back to post-open chmod > for systems that don't have fchmod? I'm no C coder, please feel free to improve it. But IIUC it's been argued that we don't need to guard against malicious intent here, only user oversight. ^ permalink raw reply [flat|nested] 15+ messages in thread
* bug#17187: 24.3.50.1 open-dribble-file stores pw 2014-04-05 23:01 ` Glenn Morris 2014-04-05 23:14 ` Daniel Colascione @ 2014-04-11 5:49 ` Glenn Morris 1 sibling, 0 replies; 15+ messages in thread From: Glenn Morris @ 2014-04-11 5:49 UTC (permalink / raw) To: 17187-done Version: 24.4 File now created private. ^ permalink raw reply [flat|nested] 15+ messages in thread
end of thread, other threads:[~2014-04-11 5:49 UTC | newest] Thread overview: 15+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2014-04-04 17:35 bug#17187: 24.3.50.1 open-dribble-file stores pw Andreas Röhler 2014-04-04 21:42 ` Glenn Morris 2014-04-05 7:54 ` Andreas Röhler 2014-04-05 7:58 ` Andreas Röhler 2014-04-05 15:50 ` Stefan Monnier 2014-04-05 16:37 ` Andreas Röhler 2014-04-05 16:55 ` Andreas Schwab 2014-04-05 18:07 ` Andreas Röhler 2014-04-05 19:24 ` Andreas Schwab 2014-04-05 17:22 ` Glenn Morris 2014-04-05 22:02 ` Stefan Monnier 2014-04-05 23:01 ` Glenn Morris 2014-04-05 23:14 ` Daniel Colascione 2014-04-06 2:05 ` Glenn Morris 2014-04-11 5:49 ` Glenn Morris
Code repositories for project(s) associated with this public inbox https://git.savannah.gnu.org/cgit/emacs.git This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).