From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.ciao.gmane.io!not-for-mail From: Dmitry Gutov Newsgroups: gmane.emacs.bugs Subject: bug#39563: temp files Date: Tue, 11 Feb 2020 17:15:10 +0200 Message-ID: <1bb04a39-4869-3ee7-2ac9-a73126f1499b@yandex.ru> References: Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Injection-Info: ciao.gmane.io; posting-host="ciao.gmane.io:159.69.161.202"; logging-data="126911"; mail-complaints-to="usenet@ciao.gmane.io" User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 To: Pedro Moreira , 39563@debbugs.gnu.org Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Tue Feb 11 16:16:16 2020 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1j1XGo-000Wsg-CB for geb-bug-gnu-emacs@m.gmane-mx.org; Tue, 11 Feb 2020 16:16:14 +0100 Original-Received: from localhost ([::1]:51300 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1j1XGn-0003TC-FH for geb-bug-gnu-emacs@m.gmane-mx.org; Tue, 11 Feb 2020 10:16:13 -0500 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:36256) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1j1XGd-0003SF-34 for bug-gnu-emacs@gnu.org; Tue, 11 Feb 2020 10:16:04 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1j1XGb-0007ek-Sc for bug-gnu-emacs@gnu.org; Tue, 11 Feb 2020 10:16:02 -0500 Original-Received: from debbugs.gnu.org ([209.51.188.43]:51389) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1j1XGb-0007ec-OC for bug-gnu-emacs@gnu.org; Tue, 11 Feb 2020 10:16:01 -0500 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1j1XGb-0002iG-K6 for bug-gnu-emacs@gnu.org; Tue, 11 Feb 2020 10:16:01 -0500 X-Loop: help-debbugs@gnu.org Resent-From: Dmitry Gutov Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Tue, 11 Feb 2020 15:16:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 39563 X-GNU-PR-Package: emacs Original-Received: via spool by 39563-submit@debbugs.gnu.org id=B39563.158143412010354 (code B ref 39563); Tue, 11 Feb 2020 15:16:01 +0000 Original-Received: (at 39563) by debbugs.gnu.org; 11 Feb 2020 15:15:20 +0000 Original-Received: from localhost ([127.0.0.1]:57362 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1j1XFw-0002gw-DB for submit@debbugs.gnu.org; Tue, 11 Feb 2020 10:15:20 -0500 Original-Received: from mail-ed1-f51.google.com ([209.85.208.51]:40534) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1j1XFu-0002ge-Jl for 39563@debbugs.gnu.org; Tue, 11 Feb 2020 10:15:19 -0500 Original-Received: by mail-ed1-f51.google.com with SMTP id p3so5058962edx.7 for <39563@debbugs.gnu.org>; Tue, 11 Feb 2020 07:15:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:subject:to:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=6n8C/CBLVI+u9NJLBwtC7AbXmLiYFUJoI/vcNNSrCj0=; b=LofcXogRpi5CQV95rL7l94Q5GMJ/s0mNtJoiE9CA++ZmYKqw3BIqciEHkqlnVe7V/U Oa12ABUatGv/z7xDqyTikKTzocXAwIp9c+/GPVN8YJpuRHahHHOAIWE5cguKA93mpOOm t938NpF9P5cyINimAAOeaS9jEo0QBWfKpJyW1x9B96eLCWXGIYEotE0diMjpOp8tniNU /efnrzoGOCGV33yg8jsQRkGZfuw1k8sAdQJxGZIlCzH7Fuzu24hYhU9ThfoFU78T5rc/ feJM9SCkv5GoALy9Zi4kkEsJO1DX/RiP4jvEAimIWmPQxR5LWZbSGjyylG6hQWBpGeK+ 6EzA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:subject:to:references:from:message-id :date:user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=6n8C/CBLVI+u9NJLBwtC7AbXmLiYFUJoI/vcNNSrCj0=; b=dHgTFp+qzgOMdepqRMM23EYuWHGxqHRRI3ulFwhhUFQ+lf5AGznvaA9HHsW7NZiLBy 4HSKZqY9lfdwKHjgBUCSYOrhsXNLg7r/AnIP3Z3yHD+av+RFEDk0g8UaDIRmQ8/Ybe4f n7YZxe8xJdUSU6VH3G4sx0o/MUWZp64BkJmfLbRVaZIZZfkNgY29aFCk0HqVQJFN0Idb LANmKTM5BMaLR8ZwFijWSb6kzM5WuX5X7ap7PjrYGOcrJMmGBwVKlgL8NPtaXJzwjhfb 7suevC4Qg+oknQpdvSwfZonoJ9zQZK8x9HZ/gCOhsYofUcfBztk0ZZee0s8RRIo00xYA dulA== X-Gm-Message-State: APjAAAUcQDy69wKiaPcwwjK6f2X1ceuheMkpyqVbSBU1JoaCSw9Fco5b CWLE2VZzXMTAVcFnvvYRQZ05dX46in8= X-Google-Smtp-Source: APXvYqw1KBKtwRBpFdU9rh73CWSuYAycIdKzFeGUTijjbnRk2Q/KIfv47LKuvoWHQJWYqWpFbKNWYA== X-Received: by 2002:aa7:d510:: with SMTP id y16mr6475168edq.214.1581434112653; Tue, 11 Feb 2020 07:15:12 -0800 (PST) Original-Received: from [192.168.0.155] ([109.110.245.170]) by smtp.googlemail.com with ESMTPSA id z10sm379894ejn.16.2020.02.11.07.15.11 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 11 Feb 2020 07:15:11 -0800 (PST) In-Reply-To: Content-Language: en-US X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.51.188.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Original-Sender: "bug-gnu-emacs" Xref: news.gmane.io gmane.emacs.bugs:175936 Archived-At: On 11.02.2020 13:32, Pedro Moreira wrote: > Therefore the code in that file is exposed. If an attacker tries to > access files like https://domain.com/index.php~ the server wont > interpret that file as php and presents it as plain text exposing the > source code. Would it be better for the server to interpret it as PHP code and allow an arbitrary visitor to run whatever intermediary version of your code that's in the backup?