GNU bug report logs - #13125
Fix permissions bugs with setgid directories etc.


Package: emacs

Reported by: Paul Eggert <eggert <at> cs.ucla.edu>

Date: Sun, 9 Dec 2012 01:15:01 UTC

Severity: normal

Tags: patch, security

Done: Paul Eggert <eggert <at> cs.ucla.edu>

Bug is archived. No further changes may be made.


From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Paul Eggert <eggert <at> cs.ucla.edu>
Subject: bug#13125: closed (Re: bug#13125: Fix permissions bugs with
 setgid directories etc.)
Date: Fri, 14 Dec 2012 19:02:02 +0000
[Message part 1 (text/plain, inline)]
Your bug report

#13125: Fix permissions bugs with setgid directories etc.

which was filed against the emacs package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 13125 <at> debbugs.gnu.org.

-- 
13125: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=13125
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
From: Paul Eggert <eggert <at> cs.ucla.edu>
To: 13125-done <at> debbugs.gnu.org
Subject: Re: bug#13125: Fix permissions bugs with setgid directories etc.
Date: Fri, 14 Dec 2012 11:00:09 -0800
No further comment, so I installed the patch as trunk bzr 111233
and am marking the bug as done.

[Message part 3 (message/rfc822, inline)]
From: Paul Eggert <eggert <at> cs.ucla.edu>
To: bug-gnu-emacs <at> gnu.org
Subject: Fix permissions bugs with setgid directories etc.
Date: Sat, 08 Dec 2012 17:13:50 -0800
[Message part 4 (text/plain, inline)]
Tags: patch security

Emacs sometimes mishandles the permissions of files: even if
backup-by-copying-when-mismatch is set, Emacs sometimes replaces a
rewritten file with a file that has the wrong user or group.

Here's some background.

In several places Emacs assumes that on 4.2BSD hosts, a newly created
file is given a group ID equal to its parent directory, and that on
non-4.2BSD hosts the new files are given Emacs's group ID.  Although
this was true long ago, it hasn't been true for many years.  Most
commonly, the old 4.2BSD behavior is now selected by the setgid bit on
directories.  But on some hosts, the behavior is selected as a mount
flag, or (as in 4.2BSD) it's a property of the operating system.  On
network file systems the behavior is sometimes selected by the file
server, sometimes by the client.

To add to the mess, on FreeBSD systems, the setuid bit of directories
can control whether there's a similar inheritance of file ownership.
Luckily this problem is a bit simpler, in that it's not a property
of the OS or a mount flag, as far as I know.

I'm attaching a patch, which changes file-attributes so that it now
outputs a placeholder value instead of the old 9th attribute member,
since the value is rarely needed and almost nobody seems to be using
it or caring that it's wrong.  Instead, the patch moves this
functionality to file-ownership-preserved-p via a new argument GROUP.
The patch also adds new functions group-gid and group-real-gid for use
with the backup-file heuristic.

This patch is relative to trunk bzr 111160.
[setgiddir.txt (text/plain, attachment)]
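
The report's background can be checked empirically. The following is an added example, not code from the attached patch or from Emacs: rather than predicting a new file's owner and group from the directory's mode bits, it creates a scratch file and reads back the ids it received. The function names, the `probe` parameter and the sample file name are assumptions made for illustration.

```python
import os
import tempfile


def probe_new_file_ids(directory):
    """Create a scratch file in `directory`; return the (uid, gid) it was given.
    Probing covers rules set by a mount flag, the OS or a file server, which
    the directory's setgid/setuid bits alone would not reveal."""
    fd, scratch = tempfile.mkstemp(prefix=".ownprobe-", dir=directory)
    try:
        st = os.fstat(fd)
        return st.st_uid, st.st_gid
    finally:
        os.close(fd)
        os.unlink(scratch)


def rewrite_preserves_ownership(path, group=False, probe=probe_new_file_ids):
    """Would replacing `path` with a newly created file keep its owner (and,
    with group=True, its group)? `probe` is a hypothetical test hook."""
    try:
        old = os.stat(path)
    except FileNotFoundError:
        return True  # no existing file, so nothing to preserve
    new_uid, new_gid = probe(os.path.dirname(os.path.abspath(path)))
    if old.st_uid != new_uid:
        return False
    return (not group) or old.st_gid == new_gid


def new_file_group_source(directory):
    """Say which ids a new file's group equals: 'directory', 'process', or both."""
    _, new_gid = probe_new_file_ids(directory)
    sources = []
    if new_gid == os.stat(directory).st_gid:
        sources.append("directory")
    if new_gid == os.getegid():
        sources.append("process")
    return sources


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:  # constructed sample directory
        target = os.path.join(d, "notes.txt")
        open(target, "w").close()
        print("new-file group matches:", new_file_group_source(d))
        print("keeps owner+group:", rewrite_preserves_ownership(target, group=True))
```

A `False` result is the case where an editor should rewrite the file in place (backup by copying) instead of creating a replacement and renaming it over the original.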

This bug report was last modified 12 years and 164 days ago.
