* bug#39563: temp files
From: Pedro Moreira @ 2020-02-11 11:32 UTC
To: 39563

Hello!

If a user edits a PHP file using Emacs directly at the webserver, Emacs automatically saves a temp file at the same location; for example the user opens index.php, and Emacs stores a copy index.php~.

Therefore the code in that file is exposed. If an attacker tries to access files like https://domain.com/index.php~ the server won't interpret that file as PHP and presents it as plain text, exposing the source code.

I know this could be resolved with webserver configuration. But it is a problem I just discovered and leaves me very uncomfortable using Emacs.

Maybe it would be better for the temp file to be stored as index~.php or index.bck.php.

Thanks
* bug#39563: temp files
From: Andreas Schwab @ 2020-02-11 15:08 UTC
To: Pedro Moreira; +Cc: 39563

On Feb 11 2020, Pedro Moreira wrote:

> if a user edits a php file using emacs directly at the webserver

Surely you shouldn't be doing that with any editor.

Andreas.

--
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."
* bug#39563: temp files
From: Dmitry Gutov @ 2020-02-11 15:15 UTC
To: Pedro Moreira, 39563

On 11.02.2020 13:32, Pedro Moreira wrote:

> Therefore the code in that file is exposed. If an attacker tries to
> access files like https://domain.com/index.php~ the server wont
> interpret that file as php and presents it as plain text exposing the
> source code.

Would it be better for the server to interpret it as PHP code and allow an arbitrary visitor to run whatever intermediary version of your code that's in the backup?
* bug#39563: temp files
From: Corwin Brust @ 2020-02-11 16:51 UTC
To: Pedro Moreira; +Cc: 39563

Greetings!

On Tue, Feb 11, 2020, 08:43 Pedro Moreira <pedro.moreira@ipbeja.pt> wrote:

> Hello!
>
> if a user edits a php file using emacs directly at the webserver, emacs
> automatically saves a temp file at the same location, for example the
> user opens index.php, emacs stores a copy index.php~.
>
> Therefore the code in that file is exposed.

Editing files directly under the server root while the server is running is a bit risky to start with. If you can use any sort of CI, that will generally pay dividends in terms of "an ounce of prevention".

> I know this could be resolved with webserver configuration.

Whether or not any of the Emacs config changes I mention in the rest of the message seem useful, for Apache httpd 2, I definitely recommend something like:

    # Keep Emacs backup files out of mod_autoindex directory listings.
    IndexIgnore *~

    # Refuse to serve any file whose name ends in "~". <Files> takes shell
    # wildcards, not regexes, so the "$" anchor needs <FilesMatch>.
    <FilesMatch "~$">
        # httpd 2.2 access-control syntax; on 2.4 without mod_access_compat
        # use "Require all denied" instead of the two lines below.
        Order allow,deny
        Deny from all
    </FilesMatch>

For myself, I would focus on the Emacs side of the equation, considering first if I want backups in the situations where they should be, and so forth.

https://www.gnu.org/software/emacs/manual/html_node/elisp/Making-Backups.html

Unless you/users happen to be accessing via remote Emacs sessions, in which case maybe you prefer something like:

    (add-to-list 'backup-directory-alist (cons tramp-file-name-regexp nil))

Or look at:

    enable-remote-dir-locals

which could be used to set a backup-disable (or storage plan) config like the above in a .dir-locals.el file kept on the server. This setting would have to be configured on a given Emacs that is remotely accessing your web server for the .dir-locals.el file to be honored when using TRAMP to edit server files in place via remote Emacs.

> But it is a problem i just discovered and leaves me very uncomfortable
> using emacs.

Point taken. I note this is called out in documentation for TRAMP, although the example given is exposing ssh config info, not raw delivery of server-side source.

I can see an argument that the defaults, which enable backup on save by renaming the original after appending a ~, could benefit from some defensive special-case behaviour. For example, when TRAMP picks up auto-save defaults, it could potentially use some of the special casing for su and so forth floating around EmacsWiki without taking away configured functionality. Some, at least, probably won't prefer this as a default.

That said, special casing that would respect a path under an httpd2 document root or what-have-you seems like it should be the domain of a dedicated program that knows a bit about web server products and can supply good defaults or otherwise use the server's config to DWIM.

> Maybe should be better the temp file being stored like index~.php or
> index.bck.php.

Options to set this up exist also, although I haven't set up anything like this so far. This is what I would look at, except that, in the event I use the Apache rule similar to the above, because I *do* want in-place backups any time I find myself hot-patching under a doc-root, but I don't want them shown when I allow directory index. (I currently allow access to the file if you know the name, which I probably should not. In my setup, if you can figure out the name of the script that handles /foo/bar you can probably read HEAD-1 of the source by hitting the backup file directly.)

> Thanks

Is any of this helpful?
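The thread's practical advice amounts to "keep editor artifacts out of the document root and refuse to serve the ones that slip through". Before trusting either the Emacs settings or the Apache rule, a practitioner would want to know whether such artifacts are already lying around. The script below is an added example written for this page, not code from the bug report or from the Emacs project. It walks a document root and reports the editor leftovers it finds: Emacs backups (name~ and numbered name.~N~), auto-save files (#name#), lock files (.#name), Vim swap files (.name.swp) and generic .bak/.orig/.old copies, and flags the ones whose original was a server-side script, since those are the cases where the webserver hands out source as plain text. The pattern list, the extension set and the sample files in the test are constructed for the example; the artifact naming conventions themselves are Emacs's and Vim's documented ones.

```python
"""Report editor backup, auto-save, lock and swap files under a web document root.

Added example; the set of patterns and the extension list are this example's
own choices, not taken from the bug thread or from Emacs.
"""
import re
import sys
from pathlib import Path

# (label, regex). Each regex captures, in group 1, the name of the file the
# artifact was made from, so we can tell what is being exposed.
ARTIFACT_PATTERNS = [
    ("emacs-backup",   re.compile(r"^(.+?)(?:\.~\d+~|~)$")),       # index.php~, index.php.~3~
    ("emacs-autosave", re.compile(r"^#(.+)#$")),                   # #index.php#
    ("emacs-lock",     re.compile(r"^\.#(.+)$")),                  # .#index.php (a symlink)
    ("vim-swap",       re.compile(r"^\.(.+)\.sw[a-p]$")),          # .index.php.swp
    ("generic-backup", re.compile(r"^(.+)\.(?:bak|orig|old)$", re.IGNORECASE)),
]

# Extensions the webserver would normally execute rather than serve verbatim.
# An artifact derived from one of these leaks source code when served as text.
SERVER_SIDE_EXTENSIONS = {".php", ".phtml", ".py", ".rb", ".pl", ".cgi"}


def classify(name):
    """Return (label, original_name) if NAME looks like an editor artifact, else None."""
    for label, pattern in ARTIFACT_PATTERNS:
        match = pattern.match(name)
        if match:
            return label, match.group(1)
    return None


def find_artifacts(docroot):
    """Walk DOCROOT and return a list of findings, one dict per artifact.

    Lock files are dangling symlinks, so symlinks are inspected by name rather
    than skipped. Results are sorted by path for stable output.
    """
    docroot = Path(docroot)
    findings = []
    for path in sorted(docroot.rglob("*")):
        if not (path.is_file() or path.is_symlink()):
            continue
        hit = classify(path.name)
        if hit is None:
            continue
        label, original = hit
        findings.append({
            "path": path.relative_to(docroot).as_posix(),
            "kind": label,
            "original": original,
            # True when the leaked file is a script the server would otherwise run.
            "source_exposure": Path(original).suffix.lower() in SERVER_SIDE_EXTENSIONS,
        })
    return findings


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for finding in find_artifacts(root):
        severity = "SOURCE EXPOSED" if finding["source_exposure"] else "file exposed"
        print(f"{finding['path']}: {finding['kind']} of {finding['original']} ({severity})")
```

Run it as `python find_artifacts.py /var/www/html` on the server (path assumed). A clean report does not prove the Apache rule above is in place, and the rule only covers names ending in "~"; auto-save files like #index.php# and Vim swap files need their own FilesMatch entries or, better, an Emacs configuration that never writes them under the document root in the first place.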
* bug#39563: default location of backup files
From: Lars Ingebrigtsen @ 2021-08-30 1:22 UTC
To: Pedro Moreira; +Cc: 39563

Pedro Moreira <pedro.moreira@ipbeja.pt> writes:

> if a user edits a php file using emacs directly at the webserver,
> emacs automatically saves a temp file at the same location, for
> example the user opens index.php, emacs stores a copy index.php~.

(I'm going through old bug reports that unfortunately weren't resolved at the time.)

You can make Emacs save backup files somewhere else, like this, for instance:

    (setq backup-directory-alist '((".*" . "~/.emacs.d/aux/")))

While it's a concern that you could expose data if you're editing your running PHP files directly, I don't think there's anything much Emacs can do to auto-detect that. So I'm closing this bug report.

--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no