From: Teemu Likonen
Newsgroups: gmane.emacs.bugs,gmane.emacs.pretest.bugs
Subject: bug#3712: 23.1.50; SECURITY: Tramp creates -rwxrwxrwx permission files with /su and /sudo method
Date: Mon, 29 Jun 2009 18:16:30 +0300
Message-ID: <87ljnbax4h.fsf@iki.fi>
To: emacs-pretest-bug@gnu.org

When method /su: or /sudo: is used to _create_ a file the file's
permission will be set to -rwxrwxrwx (777), that is, allow everything
for everyone. Obviously this is a serious security bug.

Steps to reproduce:

 1. Start Emacs as a normal user: emacs -Q

 2. Create a file in a directory to which the user who launched this
    Emacs session doesn't have write access.

        C-x C-f /su::/root/test.txt

 3. Write some content to the file and save it with "C-x C-s".

 4. Check the file's permissions. It has 777 permission bits:

        $ ls -l /root/test.txt
        -rwxrwxrwx 1 root root 5 2009-06-29 17:58 /root/test.txt

For some reason, if I create a similar file to the same user's home
directory who launched this Emacs session (/su::$HOME/test.txt) then it
gets 644 permissions (probably honoring umask settings).

In GNU Emacs 23.1.50.4 (i686-pc-linux-gnu, GTK+ Version 2.12.12)
 of 2009-06-29 on mithlond
Windowing system distributor `The X.Org Foundation', version 11.0.10402000
configured using `configure '--prefix=/home/dtw/local''
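
A defender-side check for the condition reported above, as an added example that is not part of the original report or of Tramp: it lists regular files left world-writable under a directory and resets them to the mode the current umask would have produced. The function names and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report); function names are hypothetical.

# Octal mode a new regular file gets under the current umask (0666 & ~umask),
# i.e. what the report expected instead of 777.
expected_file_mode() {
    printf '%o\n' "$(( 0666 & ~0$(umask) ))"
}

# Print regular files under directory $1 that anyone may write to.
# "-perm -0002" matches any mode with the other-write bit set (777, 666, ...).
audit_world_writable() {
    find "$1" -type f -perm -0002 -print
}

# Reset those files to the umask-derived mode and print how many were changed.
# This also drops execute bits, which suits data files like the one in the report.
fix_world_writable() {
    mode=$(expected_file_mode)
    find "$1" -type f -perm -0002 -exec chmod "$mode" {} \; -print |
        wc -l | tr -d ' '
}

# Constructed sample: one file with the 777 mode from the report and one
# created normally. Runs in a subshell so umask and variables stay local.
demo() (
    umask 022
    dir=$(mktemp -d) || exit 1
    printf 'test\n' > "$dir/test.txt"; chmod 777 "$dir/test.txt"
    printf 'ok\n' > "$dir/normal.txt"
    echo "world-writable before fix:"; audit_world_writable "$dir"
    echo "files reset: $(fix_world_writable "$dir")"
    echo "world-writable after fix: $(audit_world_writable "$dir" | wc -l | tr -d ' ')"
    rm -rf "$dir"
)

demo
```

Run the audit function alone first and review its output before applying the reset, since the reset changes every match under the given directory.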