From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Paul Eggert Newsgroups: gmane.emacs.bugs Subject: bug#10400: auto-save permissions race condition Date: Thu, 29 Dec 2011 12:55:29 -0800 Organization: UCLA Computer Science Department Message-ID: <4EFCD3C1.50501@cs.ucla.edu> NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Trace: dough.gmane.org 1325192183 7585 80.91.229.12 (29 Dec 2011 20:56:23 GMT) X-Complaints-To: usenet@dough.gmane.org NNTP-Posting-Date: Thu, 29 Dec 2011 20:56:23 +0000 (UTC) To: 10400@debbugs.gnu.org Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Thu Dec 29 21:56:19 2011 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([140.186.70.17]) by lo.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1RgN1K-0002ri-I5 for geb-bug-gnu-emacs@m.gmane.org; Thu, 29 Dec 2011 21:56:14 +0100 Original-Received: from localhost ([::1]:37257 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1RgN1J-00055R-Qm for geb-bug-gnu-emacs@m.gmane.org; Thu, 29 Dec 2011 15:56:13 -0500 Original-Received: from eggs.gnu.org ([140.186.70.92]:51601) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1RgN1H-000552-Fu for bug-gnu-emacs@gnu.org; Thu, 29 Dec 2011 15:56:12 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1RgN1G-0006MG-Ex for bug-gnu-emacs@gnu.org; Thu, 29 Dec 2011 15:56:11 -0500 Original-Received: from debbugs.gnu.org ([140.186.70.43]:58037) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1RgN1G-0006MB-C3 for bug-gnu-emacs@gnu.org; Thu, 29 Dec 2011 15:56:10 -0500 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.69) (envelope-from ) id 1RgN41-0004QH-Qm for bug-gnu-emacs@gnu.org; Thu, 29 Dec 2011 15:59:01 -0500 X-Loop: help-debbugs@gnu.org Resent-From: Paul Eggert Original-Sender: debbugs-submit-bounces@debbugs.gnu.org Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Thu, 29 Dec 2011 20:59:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 10400 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: patch X-Debbugs-Original-To: bug-gnu-emacs@gnu.org Original-Received: via spool by submit@debbugs.gnu.org id=B.132519231916969 (code B ref -1); Thu, 29 Dec 2011 20:59:01 +0000 Original-Received: (at submit) by debbugs.gnu.org; 29 Dec 2011 20:58:39 +0000 Original-Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1RgN3e-0004Pd-62 for submit@debbugs.gnu.org; Thu, 29 Dec 2011 15:58:38 -0500 Original-Received: from eggs.gnu.org ([140.186.70.92]) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1RgN3b-0004PS-BW for submit@debbugs.gnu.org; Thu, 29 Dec 2011 15:58:36 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1RgN0o-0006KL-Ci for submit@debbugs.gnu.org; Thu, 29 Dec 2011 15:55:43 -0500 Original-Received: from lists.gnu.org ([140.186.70.17]:49701) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1RgN0o-0006KH-B5 for submit@debbugs.gnu.org; Thu, 29 Dec 2011 15:55:42 -0500 Original-Received: from eggs.gnu.org ([140.186.70.92]:51525) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1RgN0n-00053e-4C for bug-gnu-emacs@gnu.org; Thu, 29 Dec 2011 15:55:42 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1RgN0l-0006K5-MR for bug-gnu-emacs@gnu.org; Thu, 29 Dec 2011 15:55:41 -0500 Original-Received: from smtp.cs.ucla.edu ([131.179.128.62]:60164) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1RgN0l-0006Jc-9S for bug-gnu-emacs@gnu.org; Thu, 29 Dec 2011 15:55:39 -0500 Original-Received: from localhost (localhost.localdomain [127.0.0.1]) by smtp.cs.ucla.edu (Postfix) with ESMTP id 2E87139E800F for ; Thu, 29 Dec 2011 12:55:30 -0800 (PST) X-Virus-Scanned: amavisd-new at smtp.cs.ucla.edu Original-Received: from smtp.cs.ucla.edu ([127.0.0.1]) by localhost (smtp.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N5p4qBb47fOD for ; Thu, 29 Dec 2011 12:55:28 -0800 (PST) Original-Received: from [192.168.1.10] (pool-71-189-109-235.lsanca.fios.verizon.net [71.189.109.235]) by smtp.cs.ucla.edu (Postfix) with ESMTPSA id 390F839E800C for ; Thu, 29 Dec 2011 12:55:28 -0800 (PST) User-Agent: Mozilla/5.0 (X11; Linux i686; rv:8.0) Gecko/20111124 Thunderbird/8.0 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 3) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 3) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list Resent-Date: Thu, 29 Dec 2011 15:59:01 -0500 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 2) X-Received-From: 140.186.70.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.bugs:55280 Archived-At: Tags: patch This closes a minor security hole. === modified file 'src/ChangeLog' --- src/ChangeLog 2011-12-28 07:55:49 +0000 +++ src/ChangeLog 2011-12-29 20:44:31 +0000 @@ -1,3 +1,15 @@ +2011-12-29 Paul Eggert + + emacs: fix an auto-save permissions race condition + * fileio.c (auto_saving_dir_umask): New static var. + (Fmake_directory_internal): Use it. + (do_auto_save_make_dir): Set it, instead of invoking chmod after + creating the directory. The old code temporarily assigns + too-generous permissions to the directory. + (do_auto_save_eh): Clear it. + (Fdo_auto_save): Catch all errors, not just file errors, so + that the var is always cleared. + 2011-12-28 Kenichi Handa * coding.c (Fdefine_coding_system_internal): Make an utf-8 base === modified file 'src/fileio.c' --- src/fileio.c 2011-12-17 17:00:49 +0000 +++ src/fileio.c 2011-12-29 20:44:31 +0000 @@ -90,6 +90,9 @@ /* Nonzero during writing of auto-save files */ static int auto_saving; +/* Nonzero umask during creation of auto-save directories */ +static int auto_saving_dir_umask; + /* Set by auto_save_1 to mode of original file so Fwrite_region will create a new file with the same mode as the original */ static int auto_save_mode_bits; @@ -2062,7 +2065,7 @@ #ifdef WINDOWSNT if (mkdir (dir) != 0) #else - if (mkdir (dir, 0777) != 0) + if (mkdir (dir, 0777 & ~auto_saving_dir_umask) != 0) #endif report_file_error ("Creating directory", list1 (directory)); @@ -5205,16 +5208,18 @@ static Lisp_Object do_auto_save_make_dir (Lisp_Object dir) { - Lisp_Object mode; + Lisp_Object result; - call2 (Qmake_directory, dir, Qt); - XSETFASTINT (mode, 0700); - return Fset_file_modes (dir, mode); + auto_saving_dir_umask = 077; + result = call2 (Qmake_directory, dir, Qt); + auto_saving_dir_umask = 0; + return result; } static Lisp_Object do_auto_save_eh (Lisp_Object ignore) { + auto_saving_dir_umask = 0; return Qnil; } @@ -5282,7 +5287,7 @@ dir = Ffile_name_directory (listfile); if (NILP (Ffile_directory_p (dir))) internal_condition_case_1 (do_auto_save_make_dir, - dir, Fcons (Fcons (Qfile_error, Qnil), Qnil), + dir, Qt, do_auto_save_eh); UNGCPRO; }