From: Paul Eggert <eggert@cs.ucla.edu>
To: 10400@debbugs.gnu.org
Subject: bug#10400: auto-save permissions race condition
Date: Thu, 29 Dec 2011 12:55:29 -0800 [thread overview]
Message-ID: <4EFCD3C1.50501@cs.ucla.edu> (raw)
Tags: patch
This closes a minor security hole.
=== modified file 'src/ChangeLog'
--- src/ChangeLog 2011-12-28 07:55:49 +0000
+++ src/ChangeLog 2011-12-29 20:44:31 +0000
@@ -1,3 +1,15 @@
+2011-12-29 Paul Eggert <eggert@cs.ucla.edu>
+
+ emacs: fix an auto-save permissions race condition
+ * fileio.c (auto_saving_dir_umask): New static var.
+ (Fmake_directory_internal): Use it.
+ (do_auto_save_make_dir): Set it, instead of invoking chmod after
+ creating the directory. The old code temporarily assigns
+ too-generous permissions to the directory.
+ (do_auto_save_eh): Clear it.
+ (Fdo_auto_save): Catch all errors, not just file errors, so
+ that the var is always cleared.
+
2011-12-28 Kenichi Handa <handa@m17n.org>
* coding.c (Fdefine_coding_system_internal): Make an utf-8 base
=== modified file 'src/fileio.c'
--- src/fileio.c 2011-12-17 17:00:49 +0000
+++ src/fileio.c 2011-12-29 20:44:31 +0000
@@ -90,6 +90,9 @@
/* Nonzero during writing of auto-save files */
static int auto_saving;
+/* Nonzero umask during creation of auto-save directories */
+static int auto_saving_dir_umask;
+
/* Set by auto_save_1 to mode of original file so Fwrite_region will create
a new file with the same mode as the original */
static int auto_save_mode_bits;
@@ -2062,7 +2065,7 @@
#ifdef WINDOWSNT
if (mkdir (dir) != 0)
#else
- if (mkdir (dir, 0777) != 0)
+ if (mkdir (dir, 0777 & ~auto_saving_dir_umask) != 0)
#endif
report_file_error ("Creating directory", list1 (directory));
@@ -5205,16 +5208,18 @@
static Lisp_Object
do_auto_save_make_dir (Lisp_Object dir)
{
- Lisp_Object mode;
+ Lisp_Object result;
- call2 (Qmake_directory, dir, Qt);
- XSETFASTINT (mode, 0700);
- return Fset_file_modes (dir, mode);
+ auto_saving_dir_umask = 077;
+ result = call2 (Qmake_directory, dir, Qt);
+ auto_saving_dir_umask = 0;
+ return result;
}
static Lisp_Object
do_auto_save_eh (Lisp_Object ignore)
{
+ auto_saving_dir_umask = 0;
return Qnil;
}
@@ -5282,7 +5287,7 @@
dir = Ffile_name_directory (listfile);
if (NILP (Ffile_directory_p (dir)))
internal_condition_case_1 (do_auto_save_make_dir,
- dir, Fcons (Fcons (Qfile_error, Qnil), Qnil),
+ dir, Qt,
do_auto_save_eh);
UNGCPRO;
}
next reply other threads:[~2011-12-29 20:55 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-12-29 20:55 Paul Eggert [this message]
2012-01-07 20:06 ` bug#10400: patch installed Paul Eggert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4EFCD3C1.50501@cs.ucla.edu \
--to=eggert@cs.ucla.edu \
--cc=10400@debbugs.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/emacs.git
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.