all messages for Emacs-related lists mirrored at yhetil.org
From: Teemu Likonen <tlikonen@iki.fi>
To: emacs-pretest-bug@gnu.org
Subject: bug#3712: 23.1.50; SECURITY: Tramp creates -rwxrwxrwx permission files with /su and /sudo method
Date: Mon, 29 Jun 2009 18:16:30 +0300
Message-ID: <87ljnbax4h.fsf@iki.fi>

When the /su: or /sudo: method is used to _create_ a file, the file's
permissions will be set to -rwxrwxrwx (777), that is, allow everything
for everyone. Obviously this is a serious security bug. Steps to
reproduce:

 1. Start Emacs as a normal user:

        emacs -Q

 2. Create a file in a directory to which the user who launched this
    Emacs session doesn't have write access.

        C-x C-f /su::/root/test.txt

 3. Write some content to the file and save it with "C-x C-s".

 4. Check the file's permissions. It has 777 permission bits:

        $ ls -l /root/test.txt
        -rwxrwxrwx 1 root root 5 2009-06-29 17:58 /root/test.txt

For some reason, if I create a similar file in the home directory of
the user who launched this Emacs session (/su::$HOME/test.txt), then it
gets 644 permissions (probably honoring umask settings).


In GNU Emacs 23.1.50.4 (i686-pc-linux-gnu, GTK+ Version 2.12.12)
 of 2009-06-29 on mithlond
Windowing system distributor `The X.Org Foundation', version 11.0.10402000
configured using `configure  '--prefix=/home/dtw/local''
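
The permission check from step 4, extended to a whole directory tree, as an added example that is not part of the original report or of Tramp. The function names and the `go-w` remediation are assumptions of this example.

```sh
#!/bin/sh
# Added example: audit a tree for the symptom described in this report,
# i.e. regular files left world-writable such as -rwxrwxrwx.

# Print every regular file under DIR whose mode includes o+w.
# Mode 777 (the reported case) is one instance of this.
list_world_writable() {
    find "$1" -xdev -type f -perm -0002 -print 2>/dev/null
}

# Print the number of matches. One byte is emitted per file, so file
# names containing spaces or newlines cannot skew the count.
count_world_writable() {
    find "$1" -xdev -type f -perm -0002 -exec printf x \; 2>/dev/null |
        wc -c | tr -d ' '
}

# Remove group and other write access from every match.
# Assumption: clearing g+w and o+w is the wanted remediation; execute
# bits are left alone because a match may genuinely be a script.
tighten_world_writable() {
    find "$1" -xdev -type f -perm -0002 -exec chmod go-w {} +
}

# Stand-alone use: sh audit.sh DIR
# Lists the matches in "ls -l" form and exits 1 if any were found.
if [ "$#" -gt 0 ]; then
    find "$1" -xdev -type f -perm -0002 -exec ls -l {} +
    [ "$(count_world_writable "$1")" -eq 0 ] || exit 1
fi
```

Run it as the user who owns the affected directory (root for the `/root` case above), since `find` silently skips directories it cannot read.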





Thread overview: 9+ messages
     [not found] <878wj9fzlb.fsf@iki.fi>
2009-06-29 15:16 ` Teemu Likonen [this message]
2009-06-29 19:10   ` bug#3712: 23.1.50; SECURITY: Tramp creates -rwxrwxrwx permission files with /su and /sudo method Teemu Likonen
2009-06-29 21:15     ` Michael Albinus
2009-06-29 22:01       ` Teemu Likonen
     [not found]       ` <mailman.1531.1246313856.2239.bug-gnu-emacs@gnu.org>
2009-06-29 22:31         ` Teemu Likonen
2009-06-30 12:21           ` Michael Albinus
2009-06-30 13:57             ` Teemu Likonen
2009-06-30 15:34               ` Michael Albinus
2009-06-30 16:40   ` bug#3712: marked as done (23.1.50; SECURITY: Tramp creates -rwxrwxrwx permission files with /su and /sudo method) Emacs bug Tracking System
