From mboxrd@z Thu Jan  1 00:00:00 1970
Path: main.gmane.org!not-for-mail
From: Bob Halley <halley@play-bow.org>
Newsgroups: gmane.emacs.devel
Subject: Re: expressions
Date: 05 Jan 2003 11:55:49 -0800
Sender: emacs-devel-bounces+emacs-devel=quimby.gnus.org@gnu.org
Message-ID: <m3isx3cqwq.fsf@woof.play-bow.org>
References: <E18UCGO-0002vU-00@snap.thunk.org>
	<E18VFbB-0008Tm-00@fencepost.gnu.org>
NNTP-Posting-Host: main.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: main.gmane.org 1041796671 5387 80.91.224.249 (5 Jan 2003 19:57:51 GMT)
X-Complaints-To: usenet@main.gmane.org
NNTP-Posting-Date: Sun, 5 Jan 2003 19:57:51 +0000 (UTC)
Cc: emacs-devel@gnu.org
Return-path: <emacs-devel-bounces+emacs-devel=quimby.gnus.org@gnu.org>
Original-Received: from quimby.gnus.org ([80.91.224.244])
	by main.gmane.org with esmtp (Exim 3.35 #1 (Debian))
	id 18VGu5-0001Ol-00
	for <emacs-devel@main.gmane.org>; Sun, 05 Jan 2003 20:57:49 +0100
Original-Received: from monty-python.gnu.org ([199.232.76.173])
	by quimby.gnus.org with esmtp (Exim 3.12 #1 (Debian))
	id 18VGxp-0008G7-00
	for <emacs-devel@quimby.gnus.org>; Sun, 05 Jan 2003 21:01:41 +0100
Original-Received: from localhost ([127.0.0.1] helo=monty-python.gnu.org)
	by monty-python.gnu.org with esmtp (Exim 4.10.13)
	id 18VGtg-0006ZZ-01
	for emacs-devel@quimby.gnus.org; Sun, 05 Jan 2003 14:57:24 -0500
Original-Received: from list by monty-python.gnu.org with tmda-scanned (Exim 4.10.13)
	id 18VGsu-0005qB-00
	for emacs-devel@gnu.org; Sun, 05 Jan 2003 14:56:36 -0500
Original-Received: from mail by monty-python.gnu.org with spam-scanned (Exim 4.10.13)
	id 18VGsV-0005Vd-00
	for emacs-devel@gnu.org; Sun, 05 Jan 2003 14:56:12 -0500
Original-Received: from woof.play-bow.org ([204.152.186.150])
	by monty-python.gnu.org with esmtp (Exim 4.10.13)
	id 18VGsB-0005Sl-00; Sun, 05 Jan 2003 14:55:51 -0500
Original-Received: by woof.play-bow.org (Postfix, from userid 500)
	id 0010F2EB4B; Sun,  5 Jan 2003 11:55:49 -0800 (PST)
Original-To: rms@gnu.org
In-Reply-To: <E18VFbB-0008Tm-00@fencepost.gnu.org>
Original-Lines: 17
User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.3.50
Original-cc: tytso@mit.edu
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1b5
Precedence: list
List-Id: Emacs development discussions. <emacs-devel.gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Post: <mailto:emacs-devel@gnu.org>
List-Subscribe: <http://mail.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
List-Archive: <http://mail.gnu.org/pipermail/emacs-devel>
List-Unsubscribe: <http://mail.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
Errors-To: emacs-devel-bounces+emacs-devel=quimby.gnus.org@gnu.org
Xref: main.gmane.org gmane.emacs.devel:10508
X-Report-Spam: http://spam.gmane.org/gmane.emacs.devel:10508

Richard Stallman <rms@gnu.org> writes:

> This is a useful feature.  I have a security question for the people
> on emacs-devel who support non-GNU-like platforms.  server.el sets up
> mode 0700 for the socket.  Is that sufficient security, on all
> platforms, to make it safe to install this feature?

No, it is not safe.  On Solaris, at least as recent as Solaris 8, the
file permissions on UNIX domain sockets are totally ignored.  This may
be true on other platforms as well, though many platforms "do the
right thing" and check file permissions.

The standard way of dealing with this portably is to create a
directory for the socket filename to live in, and control access via
permissions on the directory.

/Bob