From: Eli Zaretskii <eliz@gnu.org>
To: Paul Eggert <eggert@cs.ucla.edu>
Cc: romain@orebokech.com, emacs-devel@gnu.org
Subject: Re: set-file-extended-attributes and backups
Date: Fri, 21 Dec 2012 18:44:19 +0200 [thread overview]
Message-ID: <83a9t7qrrw.fsf@gnu.org> (raw)
In-Reply-To: <50D48781.1050303@cs.ucla.edu>
> Date: Fri, 21 Dec 2012 08:00:01 -0800
> From: Paul Eggert <eggert@cs.ucla.edu>
> Cc: Romain Francoise <romain@orebokech.com>
>
> On 12/21/12 06:53, Eli Zaretskii wrote:
> > I think this problem is not Windows-specific. So I'm asking here:
> > does it make sense to fail backup-buffer and backup-buffer-copy just
> > because set-file-extended-attributes fails? I think we should ignore
> > such errors
>
> On systems where ACLs can deny access to files, failing to
> copy an ACL can mean that the copy has more permissions
> than the original, no?
Yes, I think so, at least when we are not backing up by renaming.
> Wouldn't that be a security problem?
Maybe. But Emacs does the same on platforms where ACLs are not
accessible to Emacs, so if there's a security problem, we already have
it, I think.
> As I understand it, Windows ACLs can deny access, just as
> Posix ACLs can, so this issue is relevant on Windows too.
Yes, Windows ACLs can deny access, and yes, it is relevant.
> The recently-added ACL code has some security holes in
> this area, doesn't it? It's copying file mode separately
> from copying ACLs. Surely the code should just copy ACLs,
> as there's a race condition now, where the file is
> temporarily exposed between the times the mode and the
> ACLs are copied.
How about if it tried to copy ACLs, and if that failed, attempted to
copy the file modes? That would DTRT if possible, and fall back on
the pre-ACL method if not.
next prev parent reply other threads:[~2012-12-21 16:44 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-12-21 14:53 set-file-extended-attributes and backups Eli Zaretskii
2012-12-21 16:00 ` Paul Eggert
2012-12-21 16:44 ` Eli Zaretskii [this message]
2012-12-21 17:48 ` Paul Eggert
2012-12-21 18:08 ` Eli Zaretskii
2012-12-21 18:31 ` Paul Eggert
2012-12-23 16:59 ` Romain Francoise
2012-12-23 17:35 ` Eli Zaretskii
2012-12-24 0:59 ` Stefan Monnier
2012-12-24 3:44 ` Eli Zaretskii
2012-12-24 5:18 ` Stefan Monnier
2012-12-24 8:25 ` Michael Albinus
2012-12-24 16:24 ` Eli Zaretskii
2012-12-21 18:31 ` Romain Francoise
2012-12-22 23:03 ` Fabrice Popineau
2012-12-23 3:54 ` Eli Zaretskii
2012-12-23 17:17 ` Eli Zaretskii
2012-12-22 16:05 ` Stefan Monnier
2012-12-22 17:03 ` Eli Zaretskii
2012-12-23 13:37 ` Stefan Monnier
2012-12-29 17:20 ` Eli Zaretskii
2012-12-29 17:50 ` Eli Zaretskii
2012-12-29 19:12 ` Michael Albinus
2012-12-30 10:59 ` Michael Albinus
2012-12-30 17:21 ` Eli Zaretskii
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=83a9t7qrrw.fsf@gnu.org \
--to=eliz@gnu.org \
--cc=eggert@cs.ucla.edu \
--cc=emacs-devel@gnu.org \
--cc=romain@orebokech.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).