From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: "Davis Herring" <herring@lanl.gov>
Newsgroups: gmane.emacs.devel,gmane.emacs.pretest.bugs
Subject: Re: creating backups in temporary directories
Date: Fri, 7 Sep 2007 12:43:56 -0700 (PDT)
Message-ID: <33123.128.165.123.18.1189194236.squirrel@webmail.lanl.gov>
References: <a9691ee20709070342w43d278cfmd4ca133068d35221@mail.gmail.com>
	<85sl5q5vy6.fsf@lola.goethe.zz>
	<jwvfy1q4axa.fsf-monnier+emacs@gnu.org>
Reply-To: herring@lanl.gov
NNTP-Posting-Host: lo.gmane.org
Mime-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Trace: sea.gmane.org 1189195156 8572 80.91.229.12 (7 Sep 2007 19:59:16 GMT)
X-Complaints-To: usenet@sea.gmane.org
NNTP-Posting-Date: Fri, 7 Sep 2007 19:59:16 +0000 (UTC)
Cc: Chris Moore <christopher.ian.moore@gmail.com>, emacs-pretest-bug@gnu.org
To: "Stefan Monnier" <monnier@iro.umontreal.ca>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Fri Sep 07 21:59:16 2007
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([199.232.76.165])
	by lo.gmane.org with esmtp (Exim 4.50)
	id 1ITjyw-0000pE-A4
	for ged-emacs-devel@m.gmane.org; Fri, 07 Sep 2007 21:59:10 +0200
Original-Received: from localhost ([127.0.0.1] helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43)
	id 1ITjyu-0008HF-8z
	for ged-emacs-devel@m.gmane.org; Fri, 07 Sep 2007 15:59:08 -0400
Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1ITjtz-0001Da-Cd
	for emacs-devel@gnu.org; Fri, 07 Sep 2007 15:54:03 -0400
Original-Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1ITjtw-00017w-0Q
	for emacs-devel@gnu.org; Fri, 07 Sep 2007 15:54:00 -0400
Original-Received: from [199.232.76.173] (helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1ITjtv-00017P-3m
	for emacs-devel@gnu.org; Fri, 07 Sep 2007 15:53:59 -0400
Original-Received: from fencepost.gnu.org ([140.186.70.10])
	by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <herring@lanl.gov>) id 1ITjtu-0008KD-35
	for emacs-devel@gnu.org; Fri, 07 Sep 2007 15:53:58 -0400
Original-Received: from monty-python.gnu.org ([199.232.76.173])
	by fencepost.gnu.org with esmtp (Exim 4.60)
	(envelope-from <herring@lanl.gov>) id 1ITjk5-00033A-Eo
	for emacs-pretest-bug@gnu.org; Fri, 07 Sep 2007 15:43:49 -0400
Original-Received: from Debian-exim by monty-python.gnu.org with spam-scanned (Exim
	4.60) (envelope-from <herring@lanl.gov>) id 1ITjkL-0007vp-7f
	for emacs-pretest-bug@gnu.org; Fri, 07 Sep 2007 15:44:08 -0400
Original-Received: from mailwasher.lanl.gov ([192.65.95.54] helo=mailwasher-b.lanl.gov)
	by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <herring@lanl.gov>)
	id 1ITjkK-0007tl-Fj; Fri, 07 Sep 2007 15:44:04 -0400
Original-Received: from mailrelay1.lanl.gov (mailrelay1.lanl.gov [128.165.4.101])
	by mailwasher-b.lanl.gov (8.13.8/8.13.6/(ccn-5)) with ESMTP id
	l87JhxCR017436; Fri, 7 Sep 2007 13:43:59 -0600
Original-Received: from webmail1.lanl.gov (webmail1.lanl.gov [128.165.4.106])
	by mailrelay1.lanl.gov (8.13.8/8.13.8/(ccn-5)) with ESMTP id
	l87Jhua9011623; Fri, 7 Sep 2007 13:43:56 -0600
Original-Received: from webmail1.lanl.gov (localhost.localdomain [127.0.0.1])
	by webmail1.lanl.gov (8.12.11.20060308/8.12.11) with ESMTP id
	l87JhuuO018756; Fri, 7 Sep 2007 13:43:56 -0600
Original-Received: (from apache@localhost)
	by webmail1.lanl.gov (8.12.11.20060308/8.12.11/Submit) id
	l87Jhulj018754; Fri, 7 Sep 2007 12:43:56 -0700
X-Authentication-Warning: webmail1.lanl.gov: apache set sender to
	herring@lanl.gov using -f
Original-Received: from 128.165.123.18 (SquirrelMail authenticated user 196434)
	by webmail.lanl.gov with HTTP; Fri, 7 Sep 2007 12:43:56 -0700 (PDT)
In-Reply-To: <jwvfy1q4axa.fsf-monnier+emacs@gnu.org>
User-Agent: SquirrelMail/1.4.8-6.el3.2lanl
X-Priority: 3 (Normal)
Importance: Normal
X-CTN-5-MailScanner-Information: Please see
	http://network.lanl.gov/email/virus-scan.php
X-CTN-5-MailScanner: Found to be clean
X-CTN-5-MailScanner-From: herring@lanl.gov
X-Detected-Kernel: Linux 2.4-2.6
X-Detected-Kernel: Linux 2.6, seldom 2.4 (older, 4)
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <http://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <http://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.devel:78192 gmane.emacs.pretest.bugs:19771
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/78192>

>> Because making a "backup" for a file in a place that is regularly
>> cleaned out is creating an illusion of security.
>
> Worse yet: creating backup files in /tmp would be a security hole:
> some other user seeing you're currently editing /tmp/foo could create
> a symlink /tmp/foo~ to some interesting place and then when you save your
> file the backup could be placed at that interesting place chosen by
> the attacker.

That could be avoided by unconditionally backing up by renaming in that
case, I suppose.

Davis

-- 
This product is sold by volume, not by mass.  If it appears too dense or
too sparse, it is because mass-energy conversion has occurred during
shipping.