From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Andreas Schwab <schwab@suse.de>
Newsgroups: gmane.emacs.devel,gmane.emacs.pretest.bugs
Subject: Re: creating backups in temporary directories
Date: Sun, 09 Sep 2007 22:27:30 +0200
Message-ID: <je7imzwpn1.fsf@sykes.suse.de>
References: <a9691ee20709070342w43d278cfmd4ca133068d35221@mail.gmail.com>
	<85sl5q5vy6.fsf@lola.goethe.zz>
	<jwvfy1q4axa.fsf-monnier+emacs@gnu.org> <87y7fii7bz.fsf@gmx.de>
	<jwvveam1ad6.fsf-monnier+emacs@gnu.org>
	<E1IU6HI-0002B7-Rs@fencepost.gnu.org>
	<jwvy7ffeid0.fsf-monnier+emacs@gnu.org>
	<85odgbobf0.fsf@lola.goethe.zz>
NNTP-Posting-Host: lo.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
X-Trace: sea.gmane.org 1189372265 8509 80.91.229.12 (9 Sep 2007 21:11:05 GMT)
X-Complaints-To: usenet@sea.gmane.org
NNTP-Posting-Date: Sun, 9 Sep 2007 21:11:05 +0000 (UTC)
Cc: emacs-pretest-bug@gnu.org, christopher.ian.moore@gmail.com, svenjoac@gmx.de,
	Stefan Monnier <monnier@iro.umontreal.ca>, rms@gnu.org
To: David Kastrup <dak@gnu.org>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Mon Sep 10 07:10:51 2007
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([199.232.76.165])
	by lo.gmane.org with esmtp (Exim 4.50)
	id 1IUas9-0003kF-Ro
	for ged-emacs-devel@m.gmane.org; Mon, 10 Sep 2007 06:27:42 +0200
Original-Received: from localhost ([127.0.0.1] helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43)
	id 1IUTNi-00073E-3k
	for ged-emacs-devel@m.gmane.org; Sun, 09 Sep 2007 16:27:46 -0400
Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1IUTNe-00072z-3f
	for emacs-devel@gnu.org; Sun, 09 Sep 2007 16:27:42 -0400
Original-Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1IUTNb-00072n-OM
	for emacs-devel@gnu.org; Sun, 09 Sep 2007 16:27:40 -0400
Original-Received: from [199.232.76.173] (helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1IUTNb-00072k-Hy
	for emacs-devel@gnu.org; Sun, 09 Sep 2007 16:27:39 -0400
Original-Received: from fencepost.gnu.org ([140.186.70.10])
	by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <schwab@suse.de>) id 1IUTNb-0006jl-9r
	for emacs-devel@gnu.org; Sun, 09 Sep 2007 16:27:39 -0400
Original-Received: from monty-python.gnu.org ([199.232.76.173])
	by fencepost.gnu.org with esmtp (Exim 4.60)
	(envelope-from <schwab@suse.de>) id 1IUTNF-0003vh-Ap
	for emacs-pretest-bug@gnu.org; Sun, 09 Sep 2007 16:27:17 -0400
Original-Received: from Debian-exim by monty-python.gnu.org with spam-scanned (Exim
	4.60) (envelope-from <schwab@suse.de>) id 1IUTNX-0006jV-OK
	for emacs-pretest-bug@gnu.org; Sun, 09 Sep 2007 16:27:39 -0400
Original-Received: from cantor2.suse.de ([195.135.220.15] helo=mx2.suse.de)
	by monty-python.gnu.org with esmtps
	(TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.60)
	(envelope-from <schwab@suse.de>)
	id 1IUTNU-0006j6-GG; Sun, 09 Sep 2007 16:27:32 -0400
Original-Received: from Relay1.suse.de (mail2.suse.de [195.135.221.8])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx2.suse.de (Postfix) with ESMTP id BCD6722AE9;
	Sun,  9 Sep 2007 22:27:30 +0200 (CEST)
X-Yow: I need "RONDO".
In-Reply-To: <85odgbobf0.fsf@lola.goethe.zz> (David Kastrup's message of "Sun\,
	09 Sep 2007 22\:01\:55 +0200")
User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/22.1 (gnu/linux)
X-Detected-Kernel: Linux 2.4-2.6
X-Detected-Kernel: Linux 2.6, seldom 2.4 (older, 4)
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <http://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <http://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.devel:78348 gmane.emacs.pretest.bugs:19796
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/78348>

David Kastrup <dak@gnu.org> writes:

> Stefan Monnier <monnier@iro.umontreal.ca> writes:
>
>> In a directory with mode 777, that's true: everything is dangerous.
>> But in a directory with mode 1777 when you open a file that *you* own,
>> nobody else can remove it or rename it, so normally nobody can replace=
 it
>> with a symlink.  Emacs creates the problem when it moves /tmp/foo to
>> /tmp/foo~ at which point /tmp/foo is free for an attacker to take.
>
> Well, the alternative is to make a hard link of /tmp/foo to /tmp/foo~,
> then creat /tmp/foo over it and fill it with contents without
> reopening.
>
> That should close the time window for an attack.

You have to unlink the file first, so the window remains.

Andreas.

--=20
Andreas Schwab, SuSE Labs, schwab@suse.de
SuSE Linux Products GmbH, Maxfeldstra=DFe 5, 90409 N=FCrnberg, Germany
PGP key fingerprint =3D 58CA 54C7 6D53 942B 1756  01D3 44D5 214B 8276 4ED=
5
"And now for something completely different."