From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Stefan Monnier <monnier@iro.umontreal.ca>
Newsgroups: gmane.emacs.bugs,gmane.emacs.pretest.bugs
Subject: bug#865: 23.0.60; The directory is unsafe today
Date: Wed, 10 Sep 2008 12:32:40 -0400
Message-ID: <jwvod2wezi3.fsf-monnier+emacsbugreports@gnu.org>
References: <48BD642C.5050405@gmail.com> <uy7297vtc.fsf@gnu.org>
	<uod356pzf.fsf@gnu.org> <48BF2171.8040101@gnu.org>
	<uej407fz6.fsf@gnu.org> <48BF5671.1040705@gnu.org>
	<u8wu77uyc.fsf@gnu.org>
	<jwvmyin47dh.fsf-monnier+emacsbugreports@gnu.org>
	<u8wu6kgoz.fsf@gnu.org>
	<jwvwshqloq6.fsf-monnier+emacsbugreports@gnu.org>
	<u63pak4p2.fsf@gnu.org>
	<jwvr67yl1kc.fsf-monnier+emacsbugreports@gnu.org>
	<uy725iwer.fsf@gnu.org>
	<jwvzlml2h8u.fsf-monnier+emacsbugreports@gnu.org>
	<ubpz1dkfy.fsf@gnu.org>
	<jwv3akc39md.fsf-monnier+emacsbugreports@gnu.org>
	<uabejerg4.fsf@gnu.org>
	<jwv4p4rl3eo.fsf-monnier+emacsbugreports@gnu.org>
	<umyiicsdz.fsf@gnu.org>
	<jwvbpyxgzh7.fsf-monnier+emacsbugreports@gnu.org>
	<uhc8pcfsu.fsf@gnu.org>
Reply-To: Stefan Monnier <monnier@iro.umontreal.ca>,
	865@emacsbugs.donarmstrong.com
NNTP-Posting-Host: lo.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: ger.gmane.org 1221065405 25395 80.91.229.12 (10 Sep 2008 16:50:05 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Wed, 10 Sep 2008 16:50:05 +0000 (UTC)
Cc: emacs-pretest-bug@gnu.org, 865@emacsbugs.donarmstrong.com
To: Eli Zaretskii <eliz@gnu.org>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Wed Sep 10 18:51:00 2008
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane.org
Original-Received: from lists.gnu.org ([199.232.76.165])
	by lo.gmane.org with esmtp (Exim 4.50)
	id 1KdStI-0002OV-2H
	for geb-bug-gnu-emacs@m.gmane.org; Wed, 10 Sep 2008 18:50:04 +0200
Original-Received: from localhost ([127.0.0.1]:44791 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43)
	id 1KdSsH-00082B-WE
	for geb-bug-gnu-emacs@m.gmane.org; Wed, 10 Sep 2008 12:49:02 -0400
Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1KdSqz-0007IV-Ca
	for bug-gnu-emacs@gnu.org; Wed, 10 Sep 2008 12:47:41 -0400
Original-Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1KdSqv-0007Dj-B4
	for bug-gnu-emacs@gnu.org; Wed, 10 Sep 2008 12:47:38 -0400
Original-Received: from [199.232.76.173] (port=58912 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1KdSqu-0007DB-9p
	for bug-gnu-emacs@gnu.org; Wed, 10 Sep 2008 12:47:36 -0400
Original-Received: from rzlab.ucr.edu ([138.23.92.77]:45074)
	by monty-python.gnu.org with esmtps
	(TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.60)
	(envelope-from <debbugs@rzlab.ucr.edu>) id 1KdSqt-0002U8-Kw
	for bug-gnu-emacs@gnu.org; Wed, 10 Sep 2008 12:47:35 -0400
Original-Received: from rzlab.ucr.edu (rzlab.ucr.edu [127.0.0.1])
	by rzlab.ucr.edu (8.13.8/8.13.8/Debian-3) with ESMTP id m8AGlWh9019823; 
	Wed, 10 Sep 2008 09:47:34 -0700
Original-Received: (from debbugs@localhost)
	by rzlab.ucr.edu (8.13.8/8.13.8/Submit) id m8AGe6E3016816;
	Wed, 10 Sep 2008 09:40:06 -0700
X-Loop: don@donarmstrong.com
Resent-From: Stefan Monnier <monnier@iro.umontreal.ca>
Resent-To: bug-submit-list@donarmstrong.com
Resent-CC: Emacs Bugs <bug-gnu-emacs@gnu.org>
Resent-Date: Wed, 10 Sep 2008 16:40:06 +0000
Resent-Message-ID: <handler.865.B865.122106437214539@emacsbugs.donarmstrong.com>
Resent-Sender: don@donarmstrong.com
X-Emacs-PR-Message: report 865
X-Emacs-PR-Package: emacs
X-Emacs-PR-Keywords: 
Original-Received: via spool by 865-submit@emacsbugs.donarmstrong.com
	id=B865.122106437214539
	(code B ref 865); Wed, 10 Sep 2008 16:40:06 +0000
Original-Received: (at 865) by emacsbugs.donarmstrong.com; 10 Sep 2008 16:32:52 +0000
Original-Received: from ironport2-out.teksavvy.com (ironport2-out.teksavvy.com
	[206.248.154.182])
	by rzlab.ucr.edu (8.13.8/8.13.8/Debian-3) with ESMTP id m8AGWkxh014532
	for <865@emacsbugs.donarmstrong.com>; Wed, 10 Sep 2008 09:32:47 -0700
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AhwGACSTx0hFxIqP/2dsb2JhbACBZbcdgWSBBg
X-IronPort-AV: E=Sophos;i="4.32,373,1217822400"; d="scan'208";a="26616407"
Original-Received: from 69-196-138-143.dsl.teksavvy.com (HELO pastel.home)
	([69.196.138.143])
	by ironport2-out.teksavvy.com with ESMTP; 10 Sep 2008 12:32:40 -0400
Original-Received: by pastel.home (Postfix, from userid 20848)
	id 81F4A85E5; Wed, 10 Sep 2008 12:32:40 -0400 (EDT)
In-Reply-To: <uhc8pcfsu.fsf@gnu.org> (Eli Zaretskii's message of "Tue, 09 Sep
	2008 21:52:49 +0300")
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.0.60 (gnu/linux)
X-CrossAssassin-Score: 2
X-detected-kernel: by monty-python.gnu.org: Linux 2.6 (newer, 3)
Resent-Date: Wed, 10 Sep 2008 12:47:38 -0400
X-BeenThere: bug-gnu-emacs@gnu.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Bug reports for GNU Emacs,
	the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <http://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/bug-gnu-emacs>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <http://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.bugs:20438 gmane.emacs.pretest.bugs:23032
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/20438>

>> > But I don't think we should dismiss the privacy issue just because it
>> > can be bypassed by an ill meaning program: the same can happen on
>> > Unix, given a program that deliberately gains root access.  "Normal"
>> > programs don't use those special access flags and privileges, and so
>> > cannot access files in a private directory.
>> 
>> Huh?  Those programs that can deliberately gain root access are kept
>> under very tight control.  For a normal user to be able to read
>> arbitrary files on the system is considered as a major security hole on
>> unixy systems (even if she has to go through contortions to do that).

> I'm not going to argue about merits and demerits of Unix vs Windows
> wrt security.  My point was that using a private directory in
> server.el is important on Windows even if you think its security level
> is lower than that of Unix systems.

I don't think it is, actually, so we violently agree.

> And I hoped that you'd provide some guidance for implementing this
> on Windows.

As mentioned, ideally the Emacs C code should notice when
default-file-modes is #o700 that the files&dirs should be created
"private", whatever that means in the w32 world.
Even better would be if each individual file-modes bits were interpreted,
but handling #o700 is all we really need for now.


        Stefan