unofficial mirror of emacs-devel@gnu.org 
From: Richard Stallman <rms@gnu.org>
Cc: emacs-devel@gnu.org
Subject: Re: backup method
Date: Tue, 01 Feb 2005 08:30:35 -0500
Message-ID: <E1Cvy71-0005le-Nd@fencepost.gnu.org>
In-Reply-To: <874qgyxw24.fsf-monnier+emacs@gnu.org> (message from Stefan Monnier on Sun, 30 Jan 2005 19:57:28 -0500)

    - if backup-by-copying is t, then when writing the backup file we may follow
      a symlink (planted by some other user) to some important file.

Simply writing a file in such a directory would raise the same issue,
right?  If so, it really has nothing to do with backups.

I think the fix is to treat files in such directories as precious.
Not because they really are precious, but because the handling of a
precious file might avoid the problem.

However, I think the existing code for basic-save-buffer-2 that handles
file-precious-flag is not entirely correct for this.  It tries to
find a name that does not exist, but doesn't protect against the
possibility that someone might create the name after it tests
but before it uses the name.

I wrote this patch to try to fix it.  I also tried fixing
backup-copy-buffer in a similar way, but it isn't perfect;
someone could delete the file and create a symlink in between
the call to write-region and the call to copy-file.
So we would need an "exclusive" option in copy-file too.



*** files.el	28 Jan 2005 09:33:33 -0500	1.744
--- files.el	31 Jan 2005 08:33:15 -0500	
***************
*** 3312,3350 ****
  	  ;; This requires write access to the containing dir,
  	  ;; which is why we don't try it if we don't have that access.
  	  (let ((realname buffer-file-name)
! 		tempname nogood i succeed
  		(old-modtime (visited-file-modtime)))
! 	    (setq i 0)
! 	    (setq nogood t)
! 	    ;; Find the temporary name to write under.
! 	    (while nogood
! 	      (setq tempname (format
! 			      (if (and (eq system-type 'ms-dos)
! 				       (not (msdos-long-file-names)))
! 				  "%s#%d.tm#" ; MSDOS limits files to 8+3
! 				(if (memq system-type '(vax-vms axp-vms))
! 				    "%s$tmp$%d"
! 				  "%s#tmp#%d"))
! 			      dir i))
! 	      (setq nogood (file-exists-p tempname))
! 	      (setq i (1+ i)))
  	    (unwind-protect
! 		(progn (clear-visited-file-modtime)
! 		       (write-region (point-min) (point-max)
! 				     tempname nil realname
! 				     buffer-file-truename)
! 		       (setq succeed t))
! 	      ;; If writing the temp file fails,
! 	      ;; delete the temp file.
! 	      (or succeed
! 		  (progn
! 		    (condition-case nil
! 			(delete-file tempname)
! 		      (file-error nil))
! 		    (set-visited-file-modtime old-modtime))))
! 	    ;; Since we have created an entirely new file
! 	    ;; and renamed it, make sure it gets the
! 	    ;; right permission bits set.
  	    (setq setmodes (or setmodes (cons (file-modes buffer-file-name)
  					      buffer-file-name)))
  	    ;; We succeeded in writing the temp file,
--- 3314,3354 ----
  	  ;; This requires write access to the containing dir,
  	  ;; which is why we don't try it if we don't have that access.
  	  (let ((realname buffer-file-name)
! 		tempname succeed
! 		(umask (default-file-modes))
  		(old-modtime (visited-file-modtime)))
! 	    ;; Create temp files with strict access rights.  It's easy to
! 	    ;; loosen them later, whereas it's impossible to close the
! 	    ;; time-window of loose permissions otherwise.
  	    (unwind-protect
! 		(progn
! 		  (clear-visited-file-modtime)
! 		  (set-default-file-modes ?\700)
! 		  ;; Try various temporary names.
! 		  ;; This code follows the example of make-temp-file,
! 		  ;; but it calls write-region in the appropriate way
! 		  ;; for saving the buffer.
! 		  (while (condition-case ()
! 			     (progn
! 			       (setq tempname
! 				     (make-temp-name
! 				      (expand-file-name "tmp" dir)))
! 			       (write-region (point-min) (point-max)
! 					     tempname nil  realname
! 					     buffer-file-truename 'excl)
! 			       nil)
! 			   (file-already-exists t))
! 		    ;; The file was somehow created by someone else between
! 		    ;; `make-temp-name' and `write-region', let's try again.
! 		    nil)
! 		  (setq succeed t))
! 	      ;; Reset the umask.
! 	      (set-default-file-modes umask)
! 	      ;; If we failed, restore the buffer's modtime.
! 	      (unless succeed
! 		(set-visited-file-modtime old-modtime)))
! 	    ;; Since we have created an entirely new file,
! 	    ;; make sure it gets the right permission bits set.
  	    (setq setmodes (or setmodes (cons (file-modes buffer-file-name)
  					      buffer-file-name)))
  	    ;; We succeeded in writing the temp file,
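
Review bot: The failure path in the new unwind-protect cleanup no longer removes the temp file: `(unless succeed (set-visited-file-modtime old-modtime))` replaces the old `(delete-file tempname)` wrapped in condition-case. If write-region signals anything other than file-already-exists after the exclusive create has succeeded (a full disk, say), the partly written file under `dir` is left behind with nothing pointing at it. Suggest keeping a guarded delete-file in the `(unless succeed ...)` form, run only when this call is the one that created `tempname`, so that a name created by someone else is never deleted. A smaller point: the comment says temp files are created with strict rights that are loosened later, but the only loosening visible here is the `setmodes` pair built from `buffer-file-name`; a word in the comment saying that this is where the final mode comes from would help the next reader.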
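
The closing remark above about needing an "exclusive" option in copy-file, as an added C illustration that is not part of the original message and is not Emacs source code. `copy_file_excl` and `demo_planted_symlink` are hypothetical names and the planted-symlink scenario is constructed; the point shown is that creating the target with O_CREAT|O_EXCL refuses a symlink sitting at the destination instead of writing through it.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Added illustration, not Emacs source.  Copy SRC to DST; return 0, or -1
   with errno set (EEXIST when DST exists in any form, symlinks included). */
int copy_file_excl(const char *src, const char *dst)
{
    char buf[4096]; ssize_t n;
    int e, out, in = open(src, O_RDONLY);
    if (in < 0) return -1;
    /* O_CREAT|O_EXCL: check-and-create is one kernel step; a symlink at DST is not followed. */
    out = open(dst, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (out < 0) { e = errno; close(in); errno = e; return -1; }
    while ((n = read(in, buf, sizeof buf)) > 0) {
        ssize_t off = 0, w = 0;
        while (off < n && (w = write(out, buf + off, (size_t)(n - off))) > 0)
            off += w;
        if (off < n) { n = -1; break; }
    }
    e = errno; close(in);
    if (close(out) < 0 && n == 0) { n = -1; e = errno; }
    if (n < 0) { unlink(dst); errno = e; return -1; } /* DST is ours: clean up */
    return 0;
}

/* Constructed scenario: DST is a symlink planted to point at VICTIM.
   Returns 1 when the copy is refused with EEXIST and VICTIM is unchanged. */
int demo_planted_symlink(void)
{
    char dir[] = "/tmp/exclcopy.XXXXXX", src[64], dst[64], victim[64], got[32] = "";
    FILE *f; int rc, err;
    if (!mkdtemp(dir)) return -1;
    snprintf(src, sizeof src, "%s/src", dir);
    snprintf(dst, sizeof dst, "%s/dst", dir);
    snprintf(victim, sizeof victim, "%s/victim", dir);
    if ((f = fopen(src, "w"))) { fputs("new contents", f); fclose(f); }
    if ((f = fopen(victim, "w"))) { fputs("important", f); fclose(f); }
    if (symlink(victim, dst) != 0) return -1;
    rc = copy_file_excl(src, dst); err = errno;
    if ((f = fopen(victim, "r"))) { if (!fgets(got, sizeof got, f)) got[0] = 0; fclose(f); }
    unlink(dst); unlink(victim); unlink(src); rmdir(dir);
    return rc == -1 && err == EEXIST && strcmp(got, "important") == 0;
}
int main(void) { return demo_planted_symlink() == 1 ? 0 : 1; }
```

The same open flags are what make the check and the creation a single step, so there is no interval in which another user can create the name between the two.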
