From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Eli Zaretskii Newsgroups: gmane.emacs.bugs,gmane.emacs.pretest.bugs Subject: bug#865: 23.0.60; The directory is unsafe today Date: Fri, 05 Sep 2008 13:52:44 +0300 Message-ID: References: <48BD642C.5050405@gmail.com> <48BD74D5.4050800@gnu.org> <48BDD155.8060005@gnu.org> <48BF2171.8040101@gnu.org> <48BF5671.1040705@gnu.org> Reply-To: Eli Zaretskii , 865@emacsbugs.donarmstrong.com NNTP-Posting-Host: lo.gmane.org X-Trace: ger.gmane.org 1220612876 376 80.91.229.12 (5 Sep 2008 11:07:56 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Fri, 5 Sep 2008 11:07:56 +0000 (UTC) Cc: emacs-pretest-bug@gnu.org, 865@emacsbugs.donarmstrong.com To: Stefan Monnier Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Fri Sep 05 13:08:51 2008 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([199.232.76.165]) by lo.gmane.org with esmtp (Exim 4.50) id 1KbZBI-00065k-9U for geb-bug-gnu-emacs@m.gmane.org; Fri, 05 Sep 2008 13:08:48 +0200 Original-Received: from localhost ([127.0.0.1]:44215 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1KbZAI-0006C1-5Q for geb-bug-gnu-emacs@m.gmane.org; Fri, 05 Sep 2008 07:07:46 -0400 Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1KbZAB-0006Ba-5o for bug-gnu-emacs@gnu.org; Fri, 05 Sep 2008 07:07:39 -0400 Original-Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1KbZA8-0006Az-0Z for bug-gnu-emacs@gnu.org; Fri, 05 Sep 2008 07:07:37 -0400 Original-Received: from [199.232.76.173] (port=39273 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1KbZA7-0006Aw-QG for bug-gnu-emacs@gnu.org; Fri, 05 Sep 2008 07:07:35 -0400 Original-Received: from rzlab.ucr.edu ([138.23.92.77]:46907) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1KbZA8-00059X-1s for bug-gnu-emacs@gnu.org; Fri, 05 Sep 2008 07:07:36 -0400 Original-Received: from rzlab.ucr.edu (rzlab.ucr.edu [127.0.0.1]) by rzlab.ucr.edu (8.13.8/8.13.8/Debian-3) with ESMTP id m85B7Vnb025354; Fri, 5 Sep 2008 04:07:31 -0700 Original-Received: (from debbugs@localhost) by rzlab.ucr.edu (8.13.8/8.13.8/Submit) id m85B05vO021721; Fri, 5 Sep 2008 04:00:05 -0700 X-Loop: don@donarmstrong.com Resent-From: Eli Zaretskii Resent-To: bug-submit-list@donarmstrong.com Resent-CC: Emacs Bugs Resent-Date: Fri, 05 Sep 2008 11:00:05 +0000 Resent-Message-ID: Resent-Sender: don@donarmstrong.com X-Emacs-PR-Message: report 865 X-Emacs-PR-Package: emacs X-Emacs-PR-Keywords: Original-Received: via spool by 865-submit@emacsbugs.donarmstrong.com id=B865.122061197519620 (code B ref 865); Fri, 05 Sep 2008 11:00:05 +0000 Original-Received: (at 865) by emacsbugs.donarmstrong.com; 5 Sep 2008 10:52:55 +0000 Original-Received: from mtaout7.012.net.il (mtaout7.012.net.il [84.95.2.19]) by rzlab.ucr.edu (8.13.8/8.13.8/Debian-3) with ESMTP id m85AqpY7019611 for <865@emacsbugs.donarmstrong.com>; Fri, 5 Sep 2008 03:52:52 -0700 Original-Received: from HOME-C4E4A596F7 ([84.229.211.50]) by i-mtaout7.012.net.il (HyperSendmail v2007.08) with ESMTPA id <0K6P005VAY90T1D0@i-mtaout7.012.net.il> for 865@emacsbugs.donarmstrong.com; Fri, 05 Sep 2008 13:53:29 +0300 (IDT) In-reply-to: X-012-Sender: halo1@inter.net.il X-CrossAssassin-Score: 2 X-detected-kernel: by monty-python.gnu.org: Linux 2.6 (newer, 3) Resent-Date: Fri, 05 Sep 2008 07:07:37 -0400 X-BeenThere: bug-gnu-emacs@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.bugs:20194 gmane.emacs.pretest.bugs:22982 Archived-At: > From: Stefan Monnier > Cc: 865@emacsbugs.donarmstrong.com, Jason Rumney , emacs-pretest-bug@gnu.org > Date: Thu, 04 Sep 2008 23:11:10 -0400 > > I think the problem comes earlier: the (let ((default-file-modes ?\700)) > should make sure that the directory created there is owned by the use > and not by some Administator group. That's a different problem. I don't see how it can be solved without introducing a new primitive, which on Windows will DTRT. (I think GNU/Linux and Unix systems that support ACLs will need a similar primitive, but I don't know enough about those to say for sure.) There are a few other places in Emacs other than server.el that make similar tests, for reasons other than making sure the file/directory is private to the current user. Here's the list: files.el:file-ownership-preserved-p eshell/em-ls.el:eshell-ls-applicable net/ange-ftp.el:ange-ftp-parse-netrc (the last one is actually quite similar to server.el). > Of course, on FAT there's just nothing we can do and the > server-ensure-safe-dir functionality simply cannot be provided, so we > should then just skip the safety checks, On FAT, all files belong to a user called Everyone, who has a special UID of 0, so I think all these checks will simply pass, or at least they should.