From mboxrd@z Thu Jan 1 00:00:00 1970 Path: main.gmane.org!not-for-mail From: Han Boetes Newsgroups: gmane.emacs.devel Subject: Re: backup method Date: Sun, 30 Jan 2005 22:51:46 +0059 Message-ID: <20050130215208.GC6167@boetes.org> References: <200501270045.j0R0jIq06197@raven.dms.auburn.edu> <20050127015432.GB6167@boetes.org> <20050128035618.GI6167@boetes.org> <20050129060851.GQ6167@boetes.org> <200501291842.j0TIgVw09020@raven.dms.auburn.edu> <20050129225259.GT6167@boetes.org> <87r7k3zti5.fsf-monnier+emacs@gnu.org> NNTP-Posting-Host: deer.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: sea.gmane.org 1107122385 7160 80.91.229.6 (30 Jan 2005 21:59:45 GMT) X-Complaints-To: usenet@sea.gmane.org NNTP-Posting-Date: Sun, 30 Jan 2005 21:59:45 +0000 (UTC) Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Sun Jan 30 22:59:39 2005 Return-path: Original-Received: from lists.gnu.org ([199.232.76.165]) by deer.gmane.org with esmtp (Exim 3.35 #1 (Debian)) id 1CvN6Y-0006yW-00 for ; Sun, 30 Jan 2005 22:59:38 +0100 Original-Received: from localhost ([127.0.0.1] helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1CvNJ8-00083H-M2 for ged-emacs-devel@m.gmane.org; Sun, 30 Jan 2005 17:12:38 -0500 Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1CvNES-0006PN-Ti for emacs-devel@gnu.org; Sun, 30 Jan 2005 17:07:49 -0500 Original-Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1CvNEH-0006I9-4H for emacs-devel@gnu.org; Sun, 30 Jan 2005 17:07:38 -0500 Original-Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1CvNED-0006GV-Kv for emacs-devel@gnu.org; Sun, 30 Jan 2005 17:07:33 -0500 Original-Received: from [217.120.147.78] (helo=boetes.org) by monty-python.gnu.org with smtp (Exim 4.34) id 1CvMyx-0001e7-Mp for emacs-devel@gnu.org; Sun, 30 Jan 2005 16:51:48 -0500 Original-Received: (qmail 27661 invoked by uid 1000); 30 Jan 2005 21:52:08 -0000 Original-To: emacs-devel@gnu.org Mail-Followup-To: emacs-devel@gnu.org Content-Disposition: inline In-Reply-To: <87r7k3zti5.fsf-monnier+emacs@gnu.org> User-Agent: Mutt/1.5.6i X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: main.gmane.org gmane.emacs.devel:32647 X-Report-Spam: http://spam.gmane.org/gmane.emacs.devel:32647 Stefan Monnier wrote: > Han Boetes wrote: > > So I suggest not making backupfiles in world-writable > > directories. > > Agreed. It's a security hole since the backup file name is > predictable. > > > At least not in the world-writable directory itself. I setup > > ~/.tmp/backups as my backups dir here. > > Of course the deciding factor is whether the directory where the > backup file will be put is world-writable. Of course this problem applies to multiple editors. I also mentioned this problem to the OpenBSD-project regarding ``mg'' a mini emacs-clone. And they also recognized the problem. Todd Miller had the following to say: Todd Miller wrote: > I don't think this is the best way to do it. I think what we > really want is to use mkstemp() to create the temp file and then > just rename() it to the predictable name. If the rename fails, > we know someone is trying to attach us. If not, we are safe. Which is of course an elegant way to solve the whole business. Check this URL for the whole thread: http://marc.theaimsgroup.com/?t=110708237600001&r=1&w=2 # Han