From: Lynn Winebarger
Newsgroups: gmane.linux.debian.devel.bugs.general,gmane.emacs.devel
Subject: Bug#1021842: Finalizing 'inhibit-automatic-native-compilation'
Date: Mon, 20 Feb 2023 15:50:25 -0500
To: Stefan Monnier
Cc: Andrea Corallo, Eli Zaretskii, tats@debian.org, emacs-devel@gnu.org, spwhitton@spwhitton.name, 1021842@bugs.debian.org

On Mon, Feb 20, 2023 at 11:02 AM Stefan Monnier wrote:
> > So I guess one could remove the file after the first creation and make
> > it a link pointing to some other file waiting for libgccjit to do
> > its write.
>
> "One" as in "an attacker"? In `/tmp` an attacker should not be able to
> do that because it's supposed to be using the sticky bit so that only
> the owner of a file can remove it.

Just to be clear, this condition should be checked before emacs is
willing to use the temporary directory in question. No unprivileged
user should be able to overwrite a directory entry the uid of the
emacs process creates at any point in the path to the temporary file.

Lynn
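
One way to express the check described in this message, as an added example that is not Emacs code and was not posted by anyone in the thread. The names `dir_is_safe` and `path_is_safe` are hypothetical; the sketch assumes POSIX semantics and treats root and the process's effective uid as the only trusted directory owners.

```c
/* Added illustration, not Emacs code: vet every directory on a temp path. */
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700
#endif
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* A directory is acceptable when only root or `uid` owns it and either no
   one else can write to it or the sticky bit limits removal to owners. */
int dir_is_safe(const char *dir, uid_t uid)
{
    struct stat st;
    if (lstat(dir, &st) != 0 || !S_ISDIR(st.st_mode))
        return 0;                   /* missing, a symlink, or not a directory */
    if (st.st_uid != 0 && st.st_uid != uid)
        return 0;                   /* another user owns it and can edit entries */
    if ((st.st_mode & (S_IWGRP | S_IWOTH)) && !(st.st_mode & S_ISVTX))
        return 0;                   /* writable by others without sticky bit */
    return 1;
}

/* Resolve symlinks once, then check "/" and every prefix of the result.
   A caller should keep using the resolved path, not the original string. */
int path_is_safe(const char *path, uid_t uid)
{
    char real[PATH_MAX];
    if (realpath(path, real) == NULL || !dir_is_safe("/", uid))
        return 0;
    for (char *p = real + 1; *p; p++) {
        if (*p != '/') continue;
        *p = '\0';                  /* temporarily cut the path at this prefix */
        int ok = dir_is_safe(real, uid);
        *p = '/';
        if (!ok) return 0;
    }
    return dir_is_safe(real, uid);
}

int main(int argc, char **argv)
{
    const char *dir = argc > 1 ? argv[1] : "/tmp";
    int ok = path_is_safe(dir, geteuid());
    printf("%s: %s\n", dir, ok ? "usable" : "refuse to use");
    return ok ? 0 : 1;
}
```
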