From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Stefan Monnier <monnier@iro.umontreal.ca>
Newsgroups: gmane.emacs.devel,gmane.emacs.pretest.bugs
Subject: Re: creating backups in temporary directories
Date: Sun, 09 Sep 2007 22:59:10 -0400
Message-ID: <jwvwsuz9qk0.fsf-monnier+emacs@gnu.org>
References: <a9691ee20709070342w43d278cfmd4ca133068d35221@mail.gmail.com>
	<85sl5q5vy6.fsf@lola.goethe.zz>
	<jwvfy1q4axa.fsf-monnier+emacs@gnu.org> <87y7fii7bz.fsf@gmx.de>
	<jwvveam1ad6.fsf-monnier+emacs@gnu.org>
	<E1IU6HI-0002B7-Rs@fencepost.gnu.org>
	<jwvy7ffeid0.fsf-monnier+emacs@gnu.org>
	<E1IUXpJ-000763-5M@fencepost.gnu.org>
NNTP-Posting-Host: lo.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: sea.gmane.org 1189395406 26193 80.91.229.12 (10 Sep 2007 03:36:46 GMT)
X-Complaints-To: usenet@sea.gmane.org
NNTP-Posting-Date: Mon, 10 Sep 2007 03:36:46 +0000 (UTC)
Cc: emacs-pretest-bug@gnu.org, christopher.ian.moore@gmail.com, svenjoac@gmx.de
To: rms@gnu.org
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Mon Sep 10 13:36:33 2007
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([199.232.76.165])
	by lo.gmane.org with esmtp (Exim 4.50)
	id 1IUgz1-00011H-DN
	for ged-emacs-devel@m.gmane.org; Mon, 10 Sep 2007 12:59:11 +0200
Original-Received: from localhost ([127.0.0.1] helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43)
	id 1IUZUe-000349-BW
	for ged-emacs-devel@m.gmane.org; Sun, 09 Sep 2007 22:59:20 -0400
Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1IUZUa-00031T-MF
	for emacs-devel@gnu.org; Sun, 09 Sep 2007 22:59:16 -0400
Original-Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1IUZUY-0002zY-RE
	for emacs-devel@gnu.org; Sun, 09 Sep 2007 22:59:16 -0400
Original-Received: from [199.232.76.173] (helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1IUZUY-0002zQ-OA
	for emacs-devel@gnu.org; Sun, 09 Sep 2007 22:59:14 -0400
Original-Received: from fencepost.gnu.org ([140.186.70.10])
	by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <monnier@iro.umontreal.ca>) id 1IUZUY-00066W-Ey
	for emacs-devel@gnu.org; Sun, 09 Sep 2007 22:59:14 -0400
Original-Received: from monty-python.gnu.org ([199.232.76.173])
	by fencepost.gnu.org with esmtp (Exim 4.60)
	(envelope-from <monnier@iro.umontreal.ca>) id 1IUZUC-00035P-2T
	for emacs-pretest-bug@gnu.org; Sun, 09 Sep 2007 22:58:52 -0400
Original-Received: from Debian-exim by monty-python.gnu.org with spam-scanned (Exim
	4.60) (envelope-from <monnier@iro.umontreal.ca>) id 1IUZUV-00066I-US
	for emacs-pretest-bug@gnu.org; Sun, 09 Sep 2007 22:59:14 -0400
Original-Received: from tomts20-srv.bellnexxia.net ([209.226.175.74])
	by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <monnier@iro.umontreal.ca>)
	id 1IUZUV-00066A-LF; Sun, 09 Sep 2007 22:59:11 -0400
Original-Received: from pastel.home ([70.55.141.227]) by tomts20-srv.bellnexxia.net
	(InterMail vM.5.01.06.13 201-253-122-130-113-20050324) with ESMTP
	id <20070910025910.EAZE8273.tomts20-srv.bellnexxia.net@pastel.home>;
	Sun, 9 Sep 2007 22:59:10 -0400
Original-Received: by pastel.home (Postfix, from userid 20848)
	id A93B28075; Sun,  9 Sep 2007 22:59:10 -0400 (EDT)
In-Reply-To: <E1IUXpJ-000763-5M@fencepost.gnu.org> (Richard Stallman's message
	of "Sun\, 09 Sep 2007 21\:12\:33 -0400")
User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/23.0.50 (gnu/linux)
X-Detected-Kernel: Solaris 8 (1)
X-Detected-Kernel: Linux 2.6, seldom 2.4 (older, 4)
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <http://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <http://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.devel:78405 gmane.emacs.pretest.bugs:19812
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/78405>

>     But in a directory with mode 1777 when you open a file that *you* own,
>     nobody else can remove it or rename it, so normally nobody can replace it
>     with a symlink.  Emacs creates the problem when it moves /tmp/foo to
>     /tmp/foo~ at which point /tmp/foo is free for an attacker to take.

> This suggests that Emacs should always do backup by copying
> in such directories.  Would that solve the problem?

It replaces one problem by another.  More specifically, it's safe to do
a backup using copying on one condition: that there was already a backup
(owned by you).  Otherwise, we bump into the problem I mentioned originally:
some other user could see you're editing /tmp/foo and create a /tmp/foo~
symlink before you create it.


        Stefan