From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Richard Stallman Newsgroups: gmane.emacs.devel,gmane.emacs.pretest.bugs Subject: Re: creating backups in temporary directories Date: Tue, 11 Sep 2007 16:32:04 -0400 Message-ID: References: <85sl5q5vy6.fsf@lola.goethe.zz> <87y7fii7bz.fsf@gmx.de> <85odgbobf0.fsf@lola.goethe.zz> <85bqcbnx30.fsf@lola.goethe.zz> <37852.128.165.123.18.1189451917.squirrel@webmail.lanl.gov> <37871.128.165.123.18.1189452201.squirrel@webmail.lanl.gov> Reply-To: rms@gnu.org NNTP-Posting-Host: lo.gmane.org Content-Type: text/plain; charset=ISO-8859-15 X-Trace: sea.gmane.org 1189543165 29958 80.91.229.12 (11 Sep 2007 20:39:25 GMT) X-Complaints-To: usenet@sea.gmane.org NNTP-Posting-Date: Tue, 11 Sep 2007 20:39:25 +0000 (UTC) Cc: schwab@suse.de, monnier@iro.umontreal.ca, emacs-pretest-bug@gnu.org, christopher.ian.moore@gmail.com, svenjoac@gmx.de To: herring@lanl.gov Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Tue Sep 11 22:39:23 2007 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([199.232.76.165]) by lo.gmane.org with esmtp (Exim 4.50) id 1IVCVu-00021K-Lu for ged-emacs-devel@m.gmane.org; Tue, 11 Sep 2007 22:39:14 +0200 Original-Received: from localhost ([127.0.0.1] helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1IVCVu-000793-O4 for ged-emacs-devel@m.gmane.org; Tue, 11 Sep 2007 16:39:14 -0400 Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1IVCPP-0003lB-27 for emacs-devel@gnu.org; Tue, 11 Sep 2007 16:32:31 -0400 Original-Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1IVCPO-0003ki-CD for emacs-devel@gnu.org; Tue, 11 Sep 2007 16:32:30 -0400 Original-Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1IVCPO-0003kb-5u for emacs-devel@gnu.org; Tue, 11 Sep 2007 16:32:30 -0400 Original-Received: from fencepost.gnu.org ([140.186.70.10]) by monty-python.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1IVCPN-0005hd-Pc for emacs-devel@gnu.org; Tue, 11 Sep 2007 16:32:29 -0400 Original-Received: from rms by fencepost.gnu.org with local (Exim 4.60) (envelope-from ) id 1IVCOy-0000te-Pv; Tue, 11 Sep 2007 16:32:04 -0400 In-reply-to: <37871.128.165.123.18.1189452201.squirrel@webmail.lanl.gov> (herring@lanl.gov) X-Detected-Kernel: Linux 2.6, seldom 2.4 (older, 4) X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:78602 gmane.emacs.pretest.bugs:19848 Archived-At: This of course applies to the backup-by-copying case too: then just open /tmp/foo~ with O_EXCL when performing the copy, with /tmp/randomfile~ and "you have enemies" if it fails. The code in backup-buffer-copy already does part of this; it calls copy-file in a way that uses O_EXCL. If /tmp/foo~ already exists, rename it first to /tmp/backupforthebackup~ rather than unlinking it; we have to get it out of the way and use O_EXCL even if we own it in case the directory's owner is the attacker. Why is this needed? When we're doing the copy, the actual source file also exists.