From: David Kastrup
Newsgroups: gmane.emacs.devel,gmane.emacs.pretest.bugs
Subject: Re: 22.1.50; insert-file-contents is slow under tramp
Date: Mon, 27 Aug 2007 16:14:56 +0200
Message-ID: <86sl65qd27.fsf@lola.quinscape.zz>
To: Stefan Monnier
Cc: emacs-pretest-bug@gnu.org, Stephen Berman, Michael Albinus, emacs-devel@gnu.org

Stefan Monnier writes:

>> The current approach(1) is to remove any temporary file immediately after
>> it has been processed by Emacs (for example, insert-file-contents is
>> finished). This reduces the time a nasty third party can see such a file.
>
> If the file is readable, that's a major security concern.
>
>> But I admit, this might not be sufficient wrt security threats. Maybe
>> one could change it in such a way that temporary files shall be owned by
>> (user-login-name), and shall carry 0400 permissions.
>
> How can you do that? Let's say I access a file of user BAR from
> user FOO, how would you go about doing it in such a way that user
> TOTO can never see the content of the file? BAR can't use `chown'
> (unless it's root).

Huh? We are talking about tramp here. The file is transferred through
an ssh session. On the receiving side, you'll be free to create a file
with whatever permissions you want, and on the sending side, no change
of permissions is required to access the file.

-- 
David Kastrup
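
The receiving-side behaviour described in the reply, as an added example that is not part of the original message and is not Tramp's code: bytes that arrived over the session are written to a local file that is created owner-only and then set to 0400, next to a plain `open()` copy for comparison. It is written in Python rather than Emacs Lisp; the function names, the file prefix and the sample bytes are constructed for illustration.

```python
import os
import stat
import tempfile


def receive_private_copy(data: bytes, directory: str) -> str:
    """Store transferred bytes in a file only the local user can read."""
    # mkstemp uses O_CREAT|O_EXCL with mode 0600: the file is never group- or
    # world-readable, whatever the umask or the remote file's owner and mode.
    fd, path = tempfile.mkstemp(prefix="tramp-copy.", dir=directory)
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
            f.flush()
            # Tighten to 0400 through the open descriptor, not the path,
            # so nothing can be swapped in under the name in between.
            os.fchmod(f.fileno(), stat.S_IRUSR)
    except BaseException:
        os.unlink(path)
        raise
    return path


def readable_by_others(path: str) -> bool:
    """True if group or other has read permission on the file."""
    return bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))


def demo():
    """Compare a naive copy with the private one under a typical umask."""
    payload = b"contents of BAR's remote file"  # constructed sample data
    with tempfile.TemporaryDirectory() as d:
        old_umask = os.umask(0o022)
        try:
            # Weak variant: plain open() yields 0666 & ~umask = 0644.
            naive = os.path.join(d, "naive-copy")
            with open(naive, "wb") as f:
                f.write(payload)
            private = receive_private_copy(payload, d)
            st = os.stat(private)
            return {
                "naive_readable": readable_by_others(naive),
                "private_readable": readable_by_others(private),
                "private_mode": stat.S_IMODE(st.st_mode),
                "owned_by_local_user": st.st_uid == os.geteuid(),
            }
        finally:
            os.umask(old_umask)


if __name__ == "__main__":
    print(demo())
```

No `chown` is involved: the file belongs to the local user because the local process created it.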