From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Glenn Morris Newsgroups: gmane.emacs.bugs Subject: bug#6953: 24.0.50; serious security bug in create backup files Date: Thu, 02 Sep 2010 01:38:42 -0400 Message-ID: References: NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: dough.gmane.org 1283407807 4016 80.91.229.12 (2 Sep 2010 06:10:07 GMT) X-Complaints-To: usenet@dough.gmane.org NNTP-Posting-Date: Thu, 2 Sep 2010 06:10:07 +0000 (UTC) Cc: 6953@debbugs.gnu.org To: Mark Diekhans Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Thu Sep 02 08:10:06 2010 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([199.232.76.165]) by lo.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1Or2zp-0008Rp-QH for geb-bug-gnu-emacs@m.gmane.org; Thu, 02 Sep 2010 08:10:02 +0200 Original-Received: from localhost ([127.0.0.1]:57879 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1Or2zo-0008W0-VE for geb-bug-gnu-emacs@m.gmane.org; Thu, 02 Sep 2010 02:10:01 -0400 Original-Received: from [140.186.70.92] (port=34817 helo=eggs.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1Or2zd-0008US-4x for bug-gnu-emacs@gnu.org; Thu, 02 Sep 2010 02:09:50 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.69) (envelope-from ) id 1Or2zb-0001Hq-II for bug-gnu-emacs@gnu.org; Thu, 02 Sep 2010 02:09:48 -0400 Original-Received: from debbugs.gnu.org ([140.186.70.43]:45411) by eggs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1Or2zb-0001Hm-Fp for bug-gnu-emacs@gnu.org; Thu, 02 Sep 2010 02:09:47 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.69) (envelope-from ) id 1Or2Us-0008BV-5u; Thu, 02 Sep 2010 01:38:02 -0400 X-Loop: help-debbugs@gnu.org In-Reply-To: Resent-From: Glenn Morris Original-Sender: debbugs-submit-bounces@debbugs.gnu.org Resent-To: owner@debbugs.gnu.org Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Thu, 02 Sep 2010 05:38:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 6953 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: Original-Received: via spool by 6953-submit@debbugs.gnu.org id=B6953.128340582431450 (code B ref 6953); Thu, 02 Sep 2010 05:38:02 +0000 Original-Received: (at 6953) by debbugs.gnu.org; 2 Sep 2010 05:37:04 +0000 Original-Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1Or2Tw-0008BD-JJ for submit@debbugs.gnu.org; Thu, 02 Sep 2010 01:37:04 -0400 Original-Received: from fencepost.gnu.org ([140.186.70.10]) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1Or2Tu-0008Ar-D4 for 6953@debbugs.gnu.org; Thu, 02 Sep 2010 01:37:02 -0400 Original-Received: from rgm by fencepost.gnu.org with local (Exim 4.69) (envelope-from ) id 1Or2VW-00068x-VE; Thu, 02 Sep 2010 01:38:42 -0400 X-Spook: Albania arrangements SDI BLU-114/B ASIO UMTS Honduras X-Ran: IP&tm/uyjx%O$^]-K:9 List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.bugs:39892 Archived-At: Mark Diekhans wrote: > Emacs, should create the last ditch backup file as access only by the > user (no group or other access) before any data is written to the file > > Also, ~/%backup%~ should be configurable in a variable rather than hard > coded in lisp files.el. I don't think it is necessary for this to be configurable because it is just a fallback in case of error. Eg you can customize backup-directory-alist to control where backups normally go. A partial solution for the first problem is simple (below). Perhaps it would be better to use a private directory inside user-emacs-directory. But that is less visible, and maybe these files are supposed to be noticed? *** lisp/files.el 2010-08-18 08:07:58 +0000 --- lisp/files.el 2010-08-31 18:33:34 +0000 *************** *** 3681,3687 **** (message "Cannot write backup file; backing up in %s" backupname) (sleep-for 1) ! (backup-buffer-copy real-file-name backupname modes))) (setq buffer-backed-up t) ;; Now delete the old versions, if desired. (if delete-old-versions --- 3681,3691 ---- (message "Cannot write backup file; backing up in %s" backupname) (sleep-for 1) ! ;; The original file may have been in a private ! ;; directory, home might not be private. (Bug#6953) ! ;; Not a perfect solution since the file is only ! ;; made private after being written. ! (backup-buffer-copy real-file-name backupname #o0600))) (setq buffer-backed-up t) ;; Now delete the old versions, if desired. (if delete-old-versions