From: Stefan Monnier
Newsgroups: gmane.emacs.bugs
Subject: bug#17187: 24.3.50.1 open-dribble-file stores pw
Date: Sat, 05 Apr 2014 18:02:53 -0400
To: Glenn Morris
Cc: 17187@debbugs.gnu.org

>>> As suggested a decade ago,
>>> http://lists.gnu.org/archive/html/emacs-pretest-bug/2003-10/msg00229.html
>>> the dribble file should be created with file permission bits = 600.
>> Very much agreed.
> PS maybe it should also abort with an error if the file already exists
> (and is a symlink or is not owned by the current user?).

You mean it should be created with EXCL?  Maybe.
Then again, AFAIK this is only used for debugging purposes, so I'm not
sure it's that important and you could assume that the user will
normally specify a file in a directory she owns, where the attacker
shouldn't be able to place a surreptitious symlink.

        Stefan
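
What the suggestions quoted in this message (permission bits 600, fail if the file already exists) amount to at the system-call level, as an added example that is not part of the message and is not Emacs's code. The helper name `open_private_log` and the default file name are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not an Emacs function): create a keystroke log
   that only its owner can read, refusing to reuse anything at PATH.
   Returns an fd open for writing, or -1 with errno set.  */
int
open_private_log (const char *path)
{
  /* With O_CREAT, O_EXCL makes open fail with EEXIST if PATH exists;
     POSIX requires the same failure when PATH is a symlink, whatever
     it points to, so a planted link is never followed.  */
  int fd = open (path, O_WRONLY | O_CREAT | O_EXCL, 0600);
  if (fd < 0)
    return -1;

  /* The umask can only clear bits from 0600, never add group/other
     access; fchmod restores owner read/write if the umask removed it.  */
  struct stat st;
  if (fchmod (fd, 0600) != 0 || fstat (fd, &st) != 0)
    {
      int saved = errno;
      close (fd);
      errno = saved;
      return -1;
    }
  /* Verify on the descriptor, not the name, what was actually created.  */
  if (st.st_uid != geteuid () || (st.st_mode & 07777) != 0600)
    {
      close (fd);
      errno = EPERM;
      return -1;
    }
  return fd;
}

int
main (int argc, char **argv)
{
  const char *path = argc > 1 ? argv[1] : "dribble.log"; /* constructed default */
  int fd = open_private_log (path);
  if (fd < 0)
    return perror (path), EXIT_FAILURE;
  return close (fd) == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
```
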