From: Paul Eggert <eggert@cs.ucla.edu>
To: Tino Calancha <tino.calancha@gmail.com>
Cc: 37445@debbugs.gnu.org
Subject: bug#37445: 27.0.50; Permission denied after make install
Date: Fri, 20 Sep 2019 02:10:10 -0700 [thread overview]
Message-ID: <a447510f-da03-baae-58a3-0d2035603acc@cs.ucla.edu> (raw)
In-Reply-To: <alpine.LNX.2.21.99999.362.1909200557580.3673@ip-10-207-252-54.us-west-2.compute.internal>
On 9/19/19 11:07 PM, Tino Calancha wrote:
>
> # Now launch Emacs: you will see at *Warnings* buffer
> # File error: Testing file, Permission denied, /home/ec2-user/soft/emacs-master/src
Thanks, I think I see the problem: Emacs is examining its source code, via the
Lisp variable source-directory, a variable that is put into the dump file. But
in your case the source code's permissions forbid access.
This glitch suggests that there are more-serious security problems in the
default Emacs install. If source-directory is (say) "/tmp/emacs-build/whatever",
and /tmp/emacs-build is removed after the build, an attacker can provide a bogus
source directory in place of the real one, and this could cause real problems.
Fedora 30 solves this potential security problem by arranging for the Lisp
variable source-directory to have a value like "/usr/share/emacs/26.2/", which
is a place attackers shouldn't be able to overwrite.
However, the default Emacs install doesn't do that. It installs the sources into
(say) "/usr/local/share/emacs/27.0.50", but it doesn't arrange for
source-directory to point there; instead, source-directory points to wherever
the sources happened to be when Emacs was built, which could be in /tmp. This
sounds like a configuration error in the default Emacs install, and I plan to
look into why it's unsafe whereas the Fedora Emacs install is safer.
next prev parent reply other threads:[~2019-09-20 9:10 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-18 9:02 bug#37445: 27.0.50; Permission denied after make install Tino Calancha
2019-09-18 19:12 ` Paul Eggert
2019-09-19 6:57 ` Paul Eggert
2019-09-19 11:35 ` Tino Calancha
2019-09-19 17:41 ` Paul Eggert
2019-09-20 6:07 ` Tino Calancha
2019-09-20 7:00 ` Eli Zaretskii
2019-09-20 9:10 ` Paul Eggert [this message]
2019-09-20 12:40 ` Eli Zaretskii
2019-09-20 18:17 ` Paul Eggert
2019-09-20 18:59 ` Eli Zaretskii
2019-09-20 19:33 ` Paul Eggert
2019-09-21 6:07 ` Eli Zaretskii
2019-09-26 20:11 ` Paul Eggert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a447510f-da03-baae-58a3-0d2035603acc@cs.ucla.edu \
--to=eggert@cs.ucla.edu \
--cc=37445@debbugs.gnu.org \
--cc=tino.calancha@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).