From: "Vandrus Zoltán" <vandrus.zoltan@gmail.com>
To: 45245@debbugs.gnu.org
Subject: bug#45245: 28.0.50; Feature request: tramp sudo autosaves/backups shouldn't be exposed without right config
Date: Mon, 14 Dec 2020 21:13:56 +0100
Message-ID: <8c7e2715-a54a-3c3c-c644-a20ee46cc39d@gmail.com>

It's mentioned in (tramp)Auto-save and Backup that a root-owned file could
be exposed, but it would be more newbie-friendly if Emacs did the right
thing without configuration. The defaults for backups are fine, but those
for autosaves are not. In emacs -Q, after:

    C-x C-f /sudo::/tmp/secretfile
    M-x do-auto-save

there is a file '/tmp/#!sudo:root@hostname:!tmp!secretfile#' owned by
the user.

Even if the defaults are fixed, there are problems. Protecting root-owned
files is somewhat complicated. For example, the user might not use
tramp from the beginning, but directories littered with backup and
autosave files are easily seen and can be annoying enough to look for a
solution. Looking on the net, the suggested code is some variant of

    ;; auto-save-dir and backup-dir stand for directories chosen by the user
    (setq auto-save-file-name-transforms
          `((".*" ,auto-save-dir t)))
    (setq backup-directory-alist
          `(("." . ,backup-dir)))

And then they are fine, until they start to use tramp, because the
autosaves/backups will be owned by the normal user even for the sudo and
su methods.

For backups, following the tramp manual is easy:

    (customize-set-variable
     'tramp-backup-directory-alist backup-directory-alist)

But the user could have forgotten already about the problem and never
look there. For autosaves there is not even info on how to achieve
something sensible.

I suggest that tramp could refuse to expose root-owned files, or there
could be an easier switch to put all autosaves/backups in the same
directory which also deals with tramp.

There is also a comparatively minor problem of exposing the file name in
the autosave files.

-------------
In GNU Emacs 28.0.50 (build 2, x86_64-pc-linux-gnu, GTK+ Version
3.24.24, cairo version 1.17.4)
of 2020-12-14
Repository revision: b857ea24f7bc5288faa920e6c3174cf1ee958b70
Repository branch: master
Windowing system distributor 'The X.Org Foundation', version 11.0.12010000
System Description: Arch Linux
Configured features:
XPM JPEG TIFF GIF PNG RSVG CAIRO SOUND GPM DBUS GSETTINGS GLIB NOTIFY
INOTIFY ACL GNUTLS LIBXML2 FREETYPE HARFBUZZ M17N_FLT LIBOTF ZLIB
TOOLKIT_SCROLL_BARS GTK3 X11 XDBE XIM MODULES THREADS LIBSYSTEMD JSON
PDUMPER LCMS2
Important settings:
value of $LC_TIME: C
value of $LANG: hu_HU.utf8
locale-coding-system: utf-8-unix
Major mode: Fundamental
Minor modes in effect:
shell-dirtrack-mode: t
tooltip-mode: t
global-eldoc-mode: t
electric-indent-mode: t
mouse-wheel-mode: t
tool-bar-mode: t
menu-bar-mode: t
file-name-shadow-mode: t
global-font-lock-mode: t
font-lock-mode: t
blink-cursor-mode: t
auto-composition-mode: t
auto-encryption-mode: t
auto-compression-mode: t
line-number-mode: t
transient-mark-mode: t
Load-path shadows:
None found.
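
An audit check for the exposure described in the report, added here as an example (it is not part of the original message or of Emacs/Tramp): it scans a directory for auto-save files whose names follow the sudo/su pattern shown above and lists those not owned by the expected account. The function names, the `expected_uid` parameter and the sample files are assumptions constructed for illustration; original file names containing a literal `!` are not handled.

```python
import os
import re
import stat
import tempfile

# Name layout taken from the report: '#!sudo:root@hostname:!tmp!secretfile#'
# ('/' of the Tramp file name replaced by '!', the whole name wrapped in '#').
AUTOSAVE_RE = re.compile(
    r"^#!(?P<method>sudo|su):(?:(?P<user>[^@:!]+)@)?(?P<host>[^:!]*):(?P<path>!.*)#$")


def parse_autosave_name(name):
    """Return method, user, host and original path encoded in NAME, or None."""
    m = AUTOSAVE_RE.match(name)
    if m is None:
        return None
    return {"method": m["method"], "user": m["user"] or "root",
            "host": m["host"], "path": m["path"].replace("!", "/")}


def find_exposed_autosaves(directory, expected_uid=0):
    """List sudo/su auto-save files in DIRECTORY not owned by EXPECTED_UID."""
    findings = []
    for entry in os.scandir(directory):
        info = parse_autosave_name(entry.name)
        if info is None or not entry.is_file(follow_symlinks=False):
            continue
        st = entry.stat(follow_symlinks=False)
        if st.st_uid != expected_uid:
            # A copy of the privileged file's content owned by another account.
            info.update(file=entry.path, owner_uid=st.st_uid,
                        world_readable=bool(st.st_mode & stat.S_IROTH))
            findings.append(info)
    return findings


def demo():
    """Constructed sample: one sudo auto-save and one ordinary auto-save."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("#!sudo:root@hostname:!tmp!secretfile#", "#notes.txt#"):
            with open(os.path.join(d, name), "w") as f:
                f.write("constructed sample\n")
        # expected_uid differs from the creating uid, so the sudo copy is flagged.
        return find_exposed_autosaves(d, expected_uid=os.getuid() + 1)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Run against the directory that receives auto-save files (here `/tmp`, as in the report) with the default `expected_uid=0`; each finding also shows the original path recovered from the file name.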
Thread overview: 3+ messages
2020-12-14 20:13 Vandrus Zoltán [this message]
2021-06-14 9:39 ` bug#45245: 28.0.50; Feature request: tramp sudo autosaves/backups shouldn't be exposed without right config Michael Albinus
2021-06-25 12:29 ` Michael Albinus