From unknown Sun Jun 22 22:46:55 2025 X-Loop: help-debbugs@gnu.org Subject: bug#17187: 24.3.50.1 open-dribble-file stores pw Resent-From: Andreas =?UTF-8?Q?R=C3=B6hler?= Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Fri, 04 Apr 2014 17:32:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 17187 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: 17187@debbugs.gnu.org X-Debbugs-Original-To: bug-gnu-emacs@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.139663268728436 (code B ref -1); Fri, 04 Apr 2014 17:32:02 +0000 Received: (at submit) by debbugs.gnu.org; 4 Apr 2014 17:31:27 +0000 Received: from localhost ([127.0.0.1]:35631 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WW7xe-0007OX-JM for submit@debbugs.gnu.org; Fri, 04 Apr 2014 13:31:27 -0400 Received: from eggs.gnu.org ([208.118.235.92]:44115) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WW7xb-0007OM-7f for submit@debbugs.gnu.org; Fri, 04 Apr 2014 13:31:24 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1WW7xR-0005mq-84 for submit@debbugs.gnu.org; Fri, 04 Apr 2014 13:31:22 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-0.5 required=5.0 tests=BAYES_05 autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:39423) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WW7xR-0005mm-5U for submit@debbugs.gnu.org; Fri, 04 Apr 2014 13:31:13 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:45784) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WW7xJ-0007kT-Ib for bug-gnu-emacs@gnu.org; Fri, 04 Apr 2014 13:31:13 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1WW7xA-0005ir-O4 for bug-gnu-emacs@gnu.org; Fri, 04 Apr 2014 13:31:05 -0400 Received: from moutng.kundenserver.de ([212.227.17.13]:55723) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WW7xA-0005ih-Ca for bug-gnu-emacs@gnu.org; Fri, 04 Apr 2014 13:30:56 -0400 Received: from purzel.sitgens (brln-4dba7fd5.pool.mediaWays.net [77.186.127.213]) by mrelayeu.kundenserver.de (node=mreue102) with ESMTP (Nemesis) id 0Lc8iD-1WvWgc0DUj-00jdAR; Fri, 04 Apr 2014 19:30:55 +0200 Message-ID: <533EED70.9090709@easy-emacs.de> Date: Fri, 04 Apr 2014 19:35:44 +0200 From: Andreas =?UTF-8?Q?R=C3=B6hler?= User-Agent: Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-15; format=flowed Content-Transfer-Encoding: 7bit X-Provags-ID: V02:K0:y5g5HvaLr6gJ/L/SrbwwRh43DNbyK8ZaXX90cBjObGr z2+YzAGtDvbgYb1W9rDR8uZNz19nNP0eI6OrLmEVyXzptDMHFj w82Rp/phLGg01or1OGUojEcQp1BhNwBMYAG9qI+PW4wzkpGwIq /dUO979t6l3YEJhds2ruF30XIJlKsik2frTjU+VzrCqvanMUj9 L4SS0IbQn0VQAHQ/ToCG+bVzvbUUpiycA1p5342X8EGfnDYD8o vVau2xve7hvIbuVT/TmJi1CIx8UQE83UcHQynQGxgzXixJJiIp hnklRL4ewWfmvmegffNqEWIvMtnK+noqAllvX0KSibX+iQJAg4 UXUQ7yoq0VAllPyZVmcFD4bX7iQGDkBvrBeB7uA6x X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x [generic] X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -5.0 (-----) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) Emacs -Q from 2014-02-19 Passwort gets stored in plain text From unknown Sun Jun 22 22:46:55 2025 X-Loop: help-debbugs@gnu.org Subject: bug#17187: 24.3.50.1 open-dribble-file stores pw Resent-From: Glenn Morris Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Fri, 04 Apr 2014 21:43:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 17187 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: 17187@debbugs.gnu.org Received: via spool by 17187-submit@debbugs.gnu.org id=B17187.139664772524235 (code B ref 17187); Fri, 04 Apr 2014 21:43:01 +0000 Received: (at 17187) by debbugs.gnu.org; 4 Apr 2014 21:42:05 +0000 Received: from localhost ([127.0.0.1]:35722 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WWBsD-0006Ip-5A for submit@debbugs.gnu.org; Fri, 04 Apr 2014 17:42:05 -0400 Received: from fencepost.gnu.org ([208.118.235.10]:50693) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WWBsA-0006Ig-Mz for 17187@debbugs.gnu.org; Fri, 04 Apr 2014 17:42:03 -0400 Received: from rgm by fencepost.gnu.org with local (Exim 4.71) (envelope-from ) id 1WWBs9-0001Wb-Jb; Fri, 04 Apr 2014 17:42:01 -0400 From: Glenn Morris References: <533EED70.9090709@easy-emacs.de> X-Spook: rail gun CipherTAC-2000 FSF national information X-Ran: Q_}P=Tg4DQQ%h44i?%oz?dd\IT\Z>6H8J$pHN8%=#IK&r<<"o#$qVe}*t_W*"ex&lKRBGc X-Hue: yellow X-Attribution: GM Date: Fri, 04 Apr 2014 17:42:01 -0400 In-Reply-To: <533EED70.9090709@easy-emacs.de> ("Andreas =?UTF-8?Q?R=C3=B6hler?="'s message of "Fri, 04 Apr 2014 19:35:44 +0200") Message-ID: User-Agent: Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Spam-Score: -5.6 (-----) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.6 (-----) As suggested a decade ago, http://lists.gnu.org/archive/html/emacs-pretest-bug/2003-10/msg00229.html the dribble file should be created with file permission bits = 600. From unknown Sun Jun 22 22:46:55 2025 X-Loop: help-debbugs@gnu.org Subject: bug#17187: 24.3.50.1 open-dribble-file stores pw Resent-From: Andreas =?UTF-8?Q?R=C3=B6hler?= Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sat, 05 Apr 2014 07:51:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 17187 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: 17187@debbugs.gnu.org X-Debbugs-Original-To: bug-gnu-emacs@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.139668421630113 (code B ref -1); Sat, 05 Apr 2014 07:51:02 +0000 Received: (at submit) by debbugs.gnu.org; 5 Apr 2014 07:50:16 +0000 Received: from localhost ([127.0.0.1]:35839 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WWLMl-0007pc-85 for submit@debbugs.gnu.org; Sat, 05 Apr 2014 03:50:15 -0400 Received: from eggs.gnu.org ([208.118.235.92]:59323) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WWLMa-0007pB-Cz for submit@debbugs.gnu.org; Sat, 05 Apr 2014 03:50:05 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1WWLMT-0003gC-8k for submit@debbugs.gnu.org; Sat, 05 Apr 2014 03:50:03 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=BAYES_40 autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:52847) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WWLMT-0003g8-5x for submit@debbugs.gnu.org; Sat, 05 Apr 2014 03:49:57 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:32785) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WWLMN-0002kl-8g for bug-gnu-emacs@gnu.org; Sat, 05 Apr 2014 03:49:57 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1WWLMF-0003Vx-66 for bug-gnu-emacs@gnu.org; Sat, 05 Apr 2014 03:49:51 -0400 Received: from moutng.kundenserver.de ([212.227.126.130]:58356) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WWLME-0003UX-SO for bug-gnu-emacs@gnu.org; Sat, 05 Apr 2014 03:49:43 -0400 Received: from purzel.sitgens (brln-4db9e6fa.pool.mediaWays.net [77.185.230.250]) by mrelayeu.kundenserver.de (node=mreue004) with ESMTP (Nemesis) id 0MOEPQ-1WQp2e1nQC-005afQ; Sat, 05 Apr 2014 09:49:40 +0200 Message-ID: <533FB6AF.1000607@easy-emacs.de> Date: Sat, 05 Apr 2014 09:54:23 +0200 From: Andreas =?UTF-8?Q?R=C3=B6hler?= User-Agent: Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 References: <533EED70.9090709@easy-emacs.de> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Provags-ID: V02:K0:Jio8bFssLIC88qMX9QAEzzByf6p6EdhD6Bqo8WaEu2i 1jwEYu61F1zm7c8gSOKPrAiHLmwRjeZkEiAZjl6ZGiMyj4MQCW gK0qz53Jd43bbkWL4XVoxDk+UWPwaLtKKMhX6Lcr3ND7sBZcx5 vaulURLP4date3VLONduw6C60teLfA0DAcOT9C5KMrwNchByox MTlPtDZH9xVeC2b8bzo95NVC0tSxpPJF9wsCIPbrlRrDyrNU2d gIKZqwm6qXypIu0HpIvAacfR3FoATL9U75BU/EQ0v8ncSS1tOI 9c/VwxqOkL4fn79X0mt51Fq2gAs46xxhwu/fm3Ka8DOTFjGpU+ 8MTu+d9iJt7Ra1vyZ1G9cvpjMq//GHCauTM3NfelU X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x [generic] X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -5.0 (-----) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) Am 04.04.2014 23:42, schrieb Glenn Morris: > > As suggested a decade ago, > > http://lists.gnu.org/archive/html/emacs-pretest-bug/2003-10/msg00229.html > > the dribble file should be created with file permission bits = 600. So why Emacs doesn't set permissions accordingly? From unknown Sun Jun 22 22:46:55 2025 X-Loop: help-debbugs@gnu.org Subject: bug#17187: 24.3.50.1 open-dribble-file stores pw Resent-From: Andreas =?UTF-8?Q?R=C3=B6hler?= Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sat, 05 Apr 2014 07:54:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 17187 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: 17187@debbugs.gnu.org X-Debbugs-Original-To: bug-gnu-emacs@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.139668443830630 (code B ref -1); Sat, 05 Apr 2014 07:54:02 +0000 Received: (at submit) by debbugs.gnu.org; 5 Apr 2014 07:53:58 +0000 Received: from localhost ([127.0.0.1]:35865 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WWLQL-0007xy-Gi for submit@debbugs.gnu.org; Sat, 05 Apr 2014 03:53:57 -0400 Received: from eggs.gnu.org ([208.118.235.92]:60249) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WWLQG-0007xn-Hm for submit@debbugs.gnu.org; Sat, 05 Apr 2014 03:53:53 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1WWLQ9-00080O-OH for submit@debbugs.gnu.org; Sat, 05 Apr 2014 03:53:52 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=BAYES_40 autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:39911) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WWLQ9-00080I-L5 for submit@debbugs.gnu.org; Sat, 05 Apr 2014 03:53:45 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:33709) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WWLQ3-0005JH-Nl for bug-gnu-emacs@gnu.org; Sat, 05 Apr 2014 03:53:45 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1WWLPx-0007t5-6L for bug-gnu-emacs@gnu.org; Sat, 05 Apr 2014 03:53:39 -0400 Received: from moutng.kundenserver.de ([212.227.126.130]:52363) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WWLPw-0007sU-Tr for bug-gnu-emacs@gnu.org; Sat, 05 Apr 2014 03:53:33 -0400 Received: from purzel.sitgens (brln-4db9e6fa.pool.mediaWays.net [77.185.230.250]) by mrelayeu.kundenserver.de (node=mreue001) with ESMTP (Nemesis) id 0MLFy5-1WW4R02lYP-000IZ3; Sat, 05 Apr 2014 09:53:32 +0200 Message-ID: <533FB79E.1000703@easy-emacs.de> Date: Sat, 05 Apr 2014 09:58:22 +0200 From: Andreas =?UTF-8?Q?R=C3=B6hler?= User-Agent: Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 References: <533EED70.9090709@easy-emacs.de> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Provags-ID: V02:K0:RoZwtJORLts6d7bUxU/lDpx88rjK3FP3Ypi9cymtIqZ W/mr1YhboZWAeLD7yP8AQGc6rWqzXMpJD2yHbWm6peX0qaKe4H khNTJ4apnYetSPFg/yhsMHFewTfbk77hxB0sThOl4j4MqFOByz JlAwM3Oxbhm/mxnANli/HN8sJOtf8nob2mrr29FJQXWGphZKDe ERumnC2+0Ro6UIaDQUZVzrsK5HqzhOrUjue8Vuk2Dr7Ph3V1n/ xEJEOHtjG8q/Ao2Lh96IwhCRVywkKp93rceAZhgYWNCcno1fJt 3uAEmheWHpHejQIlh9GKU0PKMGclRaklS1v2i0Hme7u/tTevMi Xykrhu2IzZaw01plhosQVg0ZmgCpz32sbHMfzvPN5 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x [generic] X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -5.0 (-----) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) Am 04.04.2014 23:42, schrieb Glenn Morris: > > As suggested a decade ago, > > http://lists.gnu.org/archive/html/emacs-pretest-bug/2003-10/msg00229.html > > the dribble file should be created with file permission bits = 600. > BTW IMHO it's a serious security-hole, should be flagged accordingly. There will be numerous users with these kind of stuff during session. From unknown Sun Jun 22 22:46:55 2025 X-Loop: help-debbugs@gnu.org Subject: bug#17187: 24.3.50.1 open-dribble-file stores pw Resent-From: Stefan Monnier Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sat, 05 Apr 2014 15:51:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 17187 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: Glenn Morris Cc: 17187@debbugs.gnu.org Received: via spool by 17187-submit@debbugs.gnu.org id=B17187.139671301025139 (code B ref 17187); Sat, 05 Apr 2014 15:51:01 +0000 Received: (at 17187) by debbugs.gnu.org; 5 Apr 2014 15:50:10 +0000 Received: from localhost ([127.0.0.1]:36985 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WWSrB-0006XJ-4C for submit@debbugs.gnu.org; Sat, 05 Apr 2014 11:50:09 -0400 Received: from pruche.dit.umontreal.ca ([132.204.246.22]:42293) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WWSr8-0006X0-23; Sat, 05 Apr 2014 11:50:06 -0400 Received: from pastel.home (lechon.iro.umontreal.ca [132.204.27.242]) by pruche.dit.umontreal.ca (8.14.1/8.14.1) with ESMTP id s35Fo4PI026063; Sat, 5 Apr 2014 11:50:04 -0400 Received: by pastel.home (Postfix, from userid 20848) id 4D08860125; Sat, 5 Apr 2014 11:50:04 -0400 (EDT) From: Stefan Monnier Message-ID: References: <533EED70.9090709@easy-emacs.de> Date: Sat, 05 Apr 2014 11:50:04 -0400 In-Reply-To: (Glenn Morris's message of "Fri, 04 Apr 2014 17:42:01 -0400") User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.4.50 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-NAI-Spam-Flag: NO X-NAI-Spam-Threshold: 5 X-NAI-Spam-Score: 0 X-NAI-Spam-Rules: 1 Rules triggered RV4903=0 X-NAI-Spam-Version: 2.3.0.9378 : core <4903> : inlines <692> : streams <1152654> : uri <1721263> X-Spam-Score: -1.9 (-) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.9 (-) severity 17187 important thanks > As suggested a decade ago, > http://lists.gnu.org/archive/html/emacs-pretest-bug/2003-10/msg00229.html > the dribble file should be created with file permission bits = 600. Very much agreed. Stefan From unknown Sun Jun 22 22:46:55 2025 X-Loop: help-debbugs@gnu.org Subject: bug#17187: 24.3.50.1 open-dribble-file stores pw Resent-From: Andreas =?UTF-8?Q?R=C3=B6hler?= Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sat, 05 Apr 2014 16:33:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 17187 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: 17187@debbugs.gnu.org X-Debbugs-Original-To: bug-gnu-emacs@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.13967155731527 (code B ref -1); Sat, 05 Apr 2014 16:33:01 +0000 Received: (at submit) by debbugs.gnu.org; 5 Apr 2014 16:32:53 +0000 Received: from localhost ([127.0.0.1]:37014 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WWTWW-0000OX-7Z for submit@debbugs.gnu.org; Sat, 05 Apr 2014 12:32:52 -0400 Received: from eggs.gnu.org ([208.118.235.92]:43233) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WWTWT-0000OO-3l for submit@debbugs.gnu.org; Sat, 05 Apr 2014 12:32:50 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1WWTWM-0002RO-8n for submit@debbugs.gnu.org; Sat, 05 Apr 2014 12:32:48 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=BAYES_40 autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:55714) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WWTWM-0002RK-5M for submit@debbugs.gnu.org; Sat, 05 Apr 2014 12:32:42 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:44921) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WWTWG-00051H-31 for bug-gnu-emacs@gnu.org; Sat, 05 Apr 2014 12:32:42 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1WWTWA-0002Q3-6x for bug-gnu-emacs@gnu.org; Sat, 05 Apr 2014 12:32:36 -0400 Received: from moutng.kundenserver.de ([212.227.126.131]:52912) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WWTW9-0002Px-UA for bug-gnu-emacs@gnu.org; Sat, 05 Apr 2014 12:32:30 -0400 Received: from purzel.sitgens (brln-4db9e6fa.pool.mediaWays.net [77.185.230.250]) by mrelayeu.kundenserver.de (node=mreue004) with ESMTP (Nemesis) id 0M05tI-1Wraro2NhM-00uMCL; Sat, 05 Apr 2014 18:32:28 +0200 Message-ID: <53403137.2000202@easy-emacs.de> Date: Sat, 05 Apr 2014 18:37:11 +0200 From: Andreas =?UTF-8?Q?R=C3=B6hler?= User-Agent: Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 References: <533EED70.9090709@easy-emacs.de> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-15; format=flowed Content-Transfer-Encoding: 7bit X-Provags-ID: V02:K0:OSIYoCi8BFn8+r4VUdhU0LO786FeW9ifvnWUPLW1co2 Gn75JXBnB5Jq9X90BhPOCNS/y/jIdnHhEGGC/CI5GOB2IqAVGm 6ohexhVJfUPIT1gCMBtgJkEoJsqBlOgDiuhxMjhEWUvIXqXn47 zx8FQZiXJh5wz2Iu7nL2c8FHlTtk5M2Ncqgy8MKM/8BK1R5TeD q8zSClJyvQAnYLqNptj0EmbAbNJ9BF9VAuhwIjYCzpu4CFfm6I pBbUUiosiqT5meMYytUwqEvPviXskyKqWTvPUyQjcqz6jsFgXJ 92k9Kpm0tkA9FXGe0f9DHOQ087oWdcO0DLnl/wQ3wO7RCAMvDv 74x2cHuo15+9JkfyuKFIc/U0VJv+srhIFY3eKBMXR X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x [generic] X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -5.0 (-----) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) Am 05.04.2014 17:50, schrieb Stefan Monnier: > severity 17187 important > thanks > >> As suggested a decade ago, >> http://lists.gnu.org/archive/html/emacs-pretest-bug/2003-10/msg00229.html >> the dribble file should be created with file permission bits = 600. > > Very much agreed. > > > Stefan > Will that solve the matter already? IMO a pw should never be stored as plain-text. File-permissions are not considered save in that context. Should be a way to replace the chars by "*" for example before writing it. Andreas From unknown Sun Jun 22 22:46:55 2025 X-Loop: help-debbugs@gnu.org Subject: bug#17187: 24.3.50.1 open-dribble-file stores pw Resent-From: Andreas Schwab Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sat, 05 Apr 2014 16:56:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 17187 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: Andreas =?UTF-8?Q?R=C3=B6hler?= Cc: 17187@debbugs.gnu.org Received: via spool by 17187-submit@debbugs.gnu.org id=B17187.13967169573994 (code B ref 17187); Sat, 05 Apr 2014 16:56:02 +0000 Received: (at 17187) by debbugs.gnu.org; 5 Apr 2014 16:55:57 +0000 Received: from localhost ([127.0.0.1]:37024 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WWTsq-00012J-Kw for submit@debbugs.gnu.org; Sat, 05 Apr 2014 12:55:57 -0400 Received: from mail-out.m-online.net ([212.18.0.10]:41646) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WWTsk-000124-Gv for 17187@debbugs.gnu.org; Sat, 05 Apr 2014 12:55:51 -0400 Received: from frontend1.mail.m-online.net (frontend1.mail.intern.m-online.net [192.168.8.180]) by mail-out.m-online.net (Postfix) with ESMTP id 3g1PKK3Mtfz3hhbx; Sat, 5 Apr 2014 18:55:49 +0200 (CEST) Received: from localhost (dynscan1.mnet-online.de [192.168.6.68]) by mail.m-online.net (Postfix) with ESMTP id 3g1PKK275Hzbbcp; Sat, 5 Apr 2014 18:55:49 +0200 (CEST) X-Virus-Scanned: amavisd-new at mnet-online.de Received: from mail.mnet-online.de ([192.168.8.180]) by localhost (dynscan1.mail.m-online.net [192.168.6.68]) (amavisd-new, port 10024) with ESMTP id 3zPa01Vtpmw0; Sat, 5 Apr 2014 18:55:48 +0200 (CEST) X-Auth-Info: tpm9dRful21QiHPT+/x9IfVa/1tMg44dWC0R7YeogVc= Received: from igel.home (host-188-174-220-212.customer.m-online.net [188.174.220.212]) by mail.mnet-online.de (Postfix) with ESMTPA; Sat, 5 Apr 2014 18:55:48 +0200 (CEST) Received: by igel.home (Postfix, from userid 1000) id 0DBDE2C1D2A; Sat, 5 Apr 2014 18:55:48 +0200 (CEST) From: Andreas Schwab References: <533EED70.9090709@easy-emacs.de> <53403137.2000202@easy-emacs.de> X-Yow: .. Once upon a time, four AMPHIBIOUS HOG CALLERS attacked a family of DEFENSELESS, SENSITIVE COIN COLLECTORS and brought DOWN their PROPERTY VALUES!! Date: Sat, 05 Apr 2014 18:55:47 +0200 In-Reply-To: <53403137.2000202@easy-emacs.de> ("Andreas =?UTF-8?Q?R=C3=B6hler?="'s message of "Sat, 05 Apr 2014 18:37:11 +0200") Message-ID: <87y4zjsoks.fsf@igel.home> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) Andreas Röhler writes: > Will that solve the matter already? IMO a pw should never be stored as plain-text. The dribble file does not know what a password is. Andreas. -- Andreas Schwab, schwab@linux-m68k.org GPG Key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5 "And now for something completely different." From unknown Sun Jun 22 22:46:55 2025 X-Loop: help-debbugs@gnu.org Subject: bug#17187: 24.3.50.1 open-dribble-file stores pw Resent-From: Glenn Morris Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sat, 05 Apr 2014 17:24:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 17187 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: Stefan Monnier Cc: 17187@debbugs.gnu.org Received: via spool by 17187-submit@debbugs.gnu.org id=B17187.13967185857408 (code B ref 17187); Sat, 05 Apr 2014 17:24:02 +0000 Received: (at 17187) by debbugs.gnu.org; 5 Apr 2014 17:23:05 +0000 Received: from localhost ([127.0.0.1]:37037 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WWUJ6-0001vQ-Li for submit@debbugs.gnu.org; Sat, 05 Apr 2014 13:23:05 -0400 Received: from fencepost.gnu.org ([208.118.235.10]:38521) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WWUJ3-0001uv-KY for 17187@debbugs.gnu.org; Sat, 05 Apr 2014 13:23:02 -0400 Received: from rgm by fencepost.gnu.org with local (Exim 4.71) (envelope-from ) id 1WWUJ1-0005Qv-Gp; Sat, 05 Apr 2014 13:22:59 -0400 From: Glenn Morris References: <533EED70.9090709@easy-emacs.de> X-Spook: Lexis-Nexis 9/11 Ft. Meade anthrax INSCOM 2600 Magazine X-Ran: #|~MvS}E_jn?=~Q]9x3rNM<)jU),$f=)"nI?*F^@A%jo;C{/N3_p>.dFEP[|vOlq[4W&=q X-Hue: red X-Attribution: GM Date: Sat, 05 Apr 2014 13:22:59 -0400 In-Reply-To: (Stefan Monnier's message of "Sat, 05 Apr 2014 11:50:04 -0400") Message-ID: User-Agent: Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Spam-Score: -5.6 (-----) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.6 (-----) Stefan Monnier wrote: >> As suggested a decade ago, >> http://lists.gnu.org/archive/html/emacs-pretest-bug/2003-10/msg00229.html >> the dribble file should be created with file permission bits = 600. > > Very much agreed. PS maybe it should also abort with an error if the file already exists (and is a symlink or is not owned by the current user?). From unknown Sun Jun 22 22:46:55 2025 X-Loop: help-debbugs@gnu.org Subject: bug#17187: 24.3.50.1 open-dribble-file stores pw Resent-From: Andreas =?UTF-8?Q?R=C3=B6hler?= Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sat, 05 Apr 2014 18:03:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 17187 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: Andreas Schwab Cc: 17187@debbugs.gnu.org Received: via spool by 17187-submit@debbugs.gnu.org id=B17187.139672096311384 (code B ref 17187); Sat, 05 Apr 2014 18:03:01 +0000 Received: (at 17187) by debbugs.gnu.org; 5 Apr 2014 18:02:43 +0000 Received: from localhost ([127.0.0.1]:37042 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WWUvS-0002xX-Ab for submit@debbugs.gnu.org; Sat, 05 Apr 2014 14:02:42 -0400 Received: from moutng.kundenserver.de ([212.227.126.187]:56172) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WWUvN-0002xM-Ug for 17187@debbugs.gnu.org; Sat, 05 Apr 2014 14:02:39 -0400 Received: from purzel.sitgens (brln-4db9e6fa.pool.mediaWays.net [77.185.230.250]) by mrelayeu.kundenserver.de (node=mreue001) with ESMTP (Nemesis) id 0MR7Py-1WRWJm0ar8-00UNiI; Sat, 05 Apr 2014 20:02:36 +0200 Message-ID: <5340465E.8090504@easy-emacs.de> Date: Sat, 05 Apr 2014 20:07:26 +0200 From: Andreas =?UTF-8?Q?R=C3=B6hler?= User-Agent: Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 References: <533EED70.9090709@easy-emacs.de> <53403137.2000202@easy-emacs.de> <87y4zjsoks.fsf@igel.home> In-Reply-To: <87y4zjsoks.fsf@igel.home> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Provags-ID: V02:K0:XxW3f4s/3laGccXACxgfTDh6lrmsLtTRZWszTPVkAuo AtUfIEOhe/uNX0d7qLRrR7Y61sdwZN5I1aR5q314jG+tS+ZMv8 XH/PKX2jnUhh+pXC535VK3iWFOPRb9KHUdOScdaiXhnoc+lxuH 1GT1S3ZJmp5fq3jZ3rZS4GxJG45gxlSMKDk+sExvbs8dLCG3GX /xrTTonRDicwMxx4asA4JTdINmi7ECsnu2BsaR4egYY/BCgVxl ZQZU98FZ2bN90Y4TRNCGljH7nSoh9aboF8jmdz64v9apC65QhA pnBvrRnmBCeOFbsiAmLo/B+WIGeWzbPfuXZwtv1k17Y+mhMM0+ 4lR3QdCmbAD+KzH1gUdNezcO912GYkQiW1H8yXLge X-Spam-Score: -0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) Am 05.04.2014 18:55, schrieb Andreas Schwab: > Andreas Röhler writes: > >> Will that solve the matter already? IMO a pw should never be stored as plain-text. > > The dribble file does not know what a password is. > > Andreas. > As Emacs shell sent as prompt for pw, at least Emacs knows. All remains to do is to ship that info. From unknown Sun Jun 22 22:46:55 2025 X-Loop: help-debbugs@gnu.org Subject: bug#17187: 24.3.50.1 open-dribble-file stores pw Resent-From: Andreas Schwab Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sat, 05 Apr 2014 19:25:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 17187 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: Andreas =?UTF-8?Q?R=C3=B6hler?= Cc: 17187@debbugs.gnu.org Received: via spool by 17187-submit@debbugs.gnu.org id=B17187.139672584719877 (code B ref 17187); Sat, 05 Apr 2014 19:25:01 +0000 Received: (at 17187) by debbugs.gnu.org; 5 Apr 2014 19:24:07 +0000 Received: from localhost ([127.0.0.1]:37069 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WWWCE-0005AX-NQ for submit@debbugs.gnu.org; Sat, 05 Apr 2014 15:24:07 -0400 Received: from mail-out.m-online.net ([212.18.0.10]:33888) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WWWCB-0005AN-NF for 17187@debbugs.gnu.org; Sat, 05 Apr 2014 15:24:05 -0400 Received: from frontend1.mail.m-online.net (frontend1.mail.intern.m-online.net [192.168.8.180]) by mail-out.m-online.net (Postfix) with ESMTP id 3g1ScL3Ppyz3hj17; Sat, 5 Apr 2014 21:24:02 +0200 (CEST) Received: from localhost (dynscan1.mnet-online.de [192.168.6.68]) by mail.m-online.net (Postfix) with ESMTP id 3g1ScL15C5zbbcd; Sat, 5 Apr 2014 21:24:02 +0200 (CEST) X-Virus-Scanned: amavisd-new at mnet-online.de Received: from mail.mnet-online.de ([192.168.8.180]) by localhost (dynscan1.mail.m-online.net [192.168.6.68]) (amavisd-new, port 10024) with ESMTP id 3-7Wq4RxMD2i; Sat, 5 Apr 2014 21:24:01 +0200 (CEST) X-Auth-Info: FuQvcSKBibWklnUhAZeMfoIlb18SHlc7OxpyVQ2noBQ= Received: from igel.home (host-188-174-220-212.customer.m-online.net [188.174.220.212]) by mail.mnet-online.de (Postfix) with ESMTPA; Sat, 5 Apr 2014 21:24:01 +0200 (CEST) Received: by igel.home (Postfix, from userid 1000) id 3A7F72C357B; Sat, 5 Apr 2014 21:24:01 +0200 (CEST) From: Andreas Schwab References: <533EED70.9090709@easy-emacs.de> <53403137.2000202@easy-emacs.de> <87y4zjsoks.fsf@igel.home> <5340465E.8090504@easy-emacs.de> X-Yow: Mmmmmm-MMMMMM!! A plate of STEAMING PIECES of a PIG mixed with the shreds of SEVERAL CHICKENS!!... Oh BOY!! I'm about to swallow a TORN-OFF section of a COW'S LEFT LEG soaked in COTTONSEED OIL and SUGAR!! .. Let's see.. Next, I'll have the GROUND-UP flesh of CUTE, BABY LAMBS fried in the MELTED, FATTY TISSUES from a warm-blooded animal someone once PETTED!! ... YUM!! That was GOOD!! For DESSERT, I'll have a TOFU BURGER with BEAN SPROUTS on a stone-ground, WHOLE WHEAT BUN!! Date: Sat, 05 Apr 2014 21:24:01 +0200 In-Reply-To: <5340465E.8090504@easy-emacs.de> ("Andreas =?UTF-8?Q?R=C3=B6hler?="'s message of "Sat, 05 Apr 2014 20:07:26 +0200") Message-ID: <87siprshpq.fsf@igel.home> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) Andreas Röhler writes: > Am 05.04.2014 18:55, schrieb Andreas Schwab: >> Andreas Röhler writes: >> >>> Will that solve the matter already? IMO a pw should never be stored as plain-text. >> >> The dribble file does not know what a password is. >> >> Andreas. >> > > As Emacs shell sent as prompt for pw, at least Emacs knows. Not at this level. Andreas. -- Andreas Schwab, schwab@linux-m68k.org GPG Key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5 "And now for something completely different." From unknown Sun Jun 22 22:46:55 2025 X-Loop: help-debbugs@gnu.org Subject: bug#17187: 24.3.50.1 open-dribble-file stores pw Resent-From: Stefan Monnier Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sat, 05 Apr 2014 22:03:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 17187 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: Glenn Morris Cc: 17187@debbugs.gnu.org Received: via spool by 17187-submit@debbugs.gnu.org id=B17187.13967353804259 (code B ref 17187); Sat, 05 Apr 2014 22:03:01 +0000 Received: (at 17187) by debbugs.gnu.org; 5 Apr 2014 22:03:00 +0000 Received: from localhost ([127.0.0.1]:37136 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WWYfy-00016c-Re for submit@debbugs.gnu.org; Sat, 05 Apr 2014 18:02:59 -0400 Received: from chene.dit.umontreal.ca ([132.204.246.20]:47657) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WWYfw-00016S-Co for 17187@debbugs.gnu.org; Sat, 05 Apr 2014 18:02:57 -0400 Received: from pastel.home (lechon.iro.umontreal.ca [132.204.27.242]) by chene.dit.umontreal.ca (8.14.1/8.14.1) with ESMTP id s35M2rxt025739; Sat, 5 Apr 2014 18:02:53 -0400 Received: by pastel.home (Postfix, from userid 20848) id 4BE13604AF; Sat, 5 Apr 2014 18:02:53 -0400 (EDT) From: Stefan Monnier Message-ID: References: <533EED70.9090709@easy-emacs.de> Date: Sat, 05 Apr 2014 18:02:53 -0400 In-Reply-To: (Glenn Morris's message of "Sat, 05 Apr 2014 13:22:59 -0400") User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.4.50 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-NAI-Spam-Flag: NO X-NAI-Spam-Threshold: 5 X-NAI-Spam-Score: 0 X-NAI-Spam-Rules: 1 Rules triggered RV4903=0 X-NAI-Spam-Version: 2.3.0.9378 : core <4903> : inlines <693> : streams <1152730> : uri <1721447> X-Spam-Score: -1.9 (-) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.9 (-) >>> As suggested a decade ago, >>> http://lists.gnu.org/archive/html/emacs-pretest-bug/2003-10/msg00229.html >>> the dribble file should be created with file permission bits = 600. >> Very much agreed. > PS maybe it should also abort with an error if the file already exists > (and is a symlink or is not owned by the current user?). You mean it should be created with EXCL? Maybe. Then again, AFAIK this is only used for debugging purposes, so I'm not sure it's that important and you could assume that the user will normally specify a file in a directory she owns, where the attacker shouldn't be able to place a surreptitious symlink. Stefan From unknown Sun Jun 22 22:46:55 2025 X-Loop: help-debbugs@gnu.org Subject: bug#17187: 24.3.50.1 open-dribble-file stores pw Resent-From: Glenn Morris Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sat, 05 Apr 2014 23:02:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 17187 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: Stefan Monnier Cc: 17187@debbugs.gnu.org Received: via spool by 17187-submit@debbugs.gnu.org id=B17187.139673890410384 (code B ref 17187); Sat, 05 Apr 2014 23:02:01 +0000 Received: (at 17187) by debbugs.gnu.org; 5 Apr 2014 23:01:44 +0000 Received: from localhost ([127.0.0.1]:37159 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WWZap-0002hQ-KQ for submit@debbugs.gnu.org; Sat, 05 Apr 2014 19:01:44 -0400 Received: from fencepost.gnu.org ([208.118.235.10]:42515) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WWZan-0002hI-86 for 17187@debbugs.gnu.org; Sat, 05 Apr 2014 19:01:41 -0400 Received: from rgm by fencepost.gnu.org with local (Exim 4.71) (envelope-from ) id 1WWZam-0007dh-9w; Sat, 05 Apr 2014 19:01:40 -0400 From: Glenn Morris References: <533EED70.9090709@easy-emacs.de> X-Spook: cracking asset chameleon man Clinton CDC SRI spy Bosnia X-Ran: l,,jfhsbxLj*c6NcHmlgDT1]lE7R+C:su6;7Ow$j_J_pdC;`xtsrw$@l~u4Izv#HO0Ifl> X-Hue: green X-Attribution: GM Date: Sat, 05 Apr 2014 19:01:40 -0400 In-Reply-To: (Stefan Monnier's message of "Sat, 05 Apr 2014 18:02:53 -0400") Message-ID: User-Agent: Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Spam-Score: -5.6 (-----) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.6 (-----) Lightly tested: *** src/keyboard.c 2014-04-05 18:33:55 +0000 --- src/keyboard.c 2014-04-05 22:59:00 +0000 *************** *** 20,25 **** --- 20,26 ---- #include #include "sysstdio.h" + #include #include "lisp.h" #include "termchar.h" *************** *** 10085,10092 **** } if (!NILP (file)) { file = Fexpand_file_name (file, Qnil); ! dribble = emacs_fopen (SSDATA (file), "w"); if (dribble == 0) report_file_error ("Opening dribble", file); } --- 10086,10100 ---- } if (!NILP (file)) { + int fd; file = Fexpand_file_name (file, Qnil); ! if (! NILP (Ffile_exists_p (file))) ! { ! if (chmod (SSDATA (file), 0600) < 0) ! report_file_error ("Doing chmod", file); ! } ! fd = emacs_open (SSDATA (file), O_WRONLY | O_CREAT | O_TRUNC, 0600); ! dribble = fd < 0 ? 0 : fdopen (fd, "w"); if (dribble == 0) report_file_error ("Opening dribble", file); } From unknown Sun Jun 22 22:46:55 2025 X-Loop: help-debbugs@gnu.org Subject: bug#17187: 24.3.50.1 open-dribble-file stores pw Resent-From: Daniel Colascione Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sat, 05 Apr 2014 23:15:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 17187 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: Glenn Morris , Stefan Monnier Cc: 17187@debbugs.gnu.org Received: via spool by 17187-submit@debbugs.gnu.org id=B17187.139673966611617 (code B ref 17187); Sat, 05 Apr 2014 23:15:02 +0000 Received: (at 17187) by debbugs.gnu.org; 5 Apr 2014 23:14:26 +0000 Received: from localhost ([127.0.0.1]:37164 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WWZn7-00031I-Vz for submit@debbugs.gnu.org; Sat, 05 Apr 2014 19:14:26 -0400 Received: from dancol.org ([96.126.100.184]:39608) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WWZn4-000319-D0 for 17187@debbugs.gnu.org; Sat, 05 Apr 2014 19:14:23 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=dancol.org; s=x; h=Content-Type:In-Reply-To:References:Subject:CC:To:MIME-Version:From:Date:Message-ID; bh=6OsXvMcoxhSqftuFIhpK/Z81n9PLn+7/jFMC5YpfwxU=; b=kd0rmHxEBi1svtv56cB+oWvZRa4ICuLPnfZa0nNFrQaVUOt3tpBz9NOdll/aRuP0U1KByfqJebZQpVpeExl56juwpLzCG2fZDAMd2NS8MXK6azDYD8/lsRK9ObR/vmXi8Mldpm5fT/8qH5PamXYSO2ox4QqOTW9yBeHLfLDXwXilW41zUVEPtqg/FUBH83uZElnT4chJ9VgmS0FgBuHd3LKdAAGlYdjwJ1abjM1zwHVbqvY0b5CoTawR2SBVT0UvHu/5A2xBGqZmOkxtuwDWE4ejYW81kPB5gMcZeZjKyttqqsR0ic79ivPrgFvqIKtb7Koqc2/7KEjldlFJ+XThnQ==; Received: from [2601:8:b200:551::2b1] by dancol.org with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.82) (envelope-from ) id 1WWZn2-0001CL-9a; Sat, 05 Apr 2014 16:14:20 -0700 Message-ID: <53408E4B.9060605@dancol.org> Date: Sat, 05 Apr 2014 16:14:19 -0700 From: Daniel Colascione User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0 MIME-Version: 1.0 References: <533EED70.9090709@easy-emacs.de> In-Reply-To: X-Enigmail-Version: 1.6 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="hiSa4j7newOwqDQCmTw2W07R4jmRweu2S" X-Spam-Score: -0.6 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.6 (/) This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --hiSa4j7newOwqDQCmTw2W07R4jmRweu2S Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On 04/05/2014 04:01 PM, Glenn Morris wrote: > *************** > *** 10085,10092 **** > } > if (!NILP (file)) > { > file =3D Fexpand_file_name (file, Qnil); > ! dribble =3D emacs_fopen (SSDATA (file), "w"); > if (dribble =3D=3D 0) > report_file_error ("Opening dribble", file); > } > --- 10086,10100 ---- > } > if (!NILP (file)) > { > + int fd; > file =3D Fexpand_file_name (file, Qnil); > ! if (! NILP (Ffile_exists_p (file))) > ! { > ! if (chmod (SSDATA (file), 0600) < 0) > ! report_file_error ("Doing chmod", file); > ! } > ! fd =3D emacs_open (SSDATA (file), O_WRONLY | O_CREAT | O_TRUNC,= 0600); > ! dribble =3D fd < 0 ? 0 : fdopen (fd, "w"); > if (dribble =3D=3D 0) That's racy. What about using fchmod and falling back to post-open chmod for systems that don't have fchmod? --hiSa4j7newOwqDQCmTw2W07R4jmRweu2S Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJTQI5LAAoJEMAaIROpHW7IlTIP/0SXjfl2wV0ljPvSMYxU2d9F WPJafH0riQdZsm4HLxTAM2J/bvTrtRHcJaqxtaMjWNmGAZgPrKYy7BWrvjJHVHw8 COGIOIEVaUuuhjYe6hk73AEh5DEPmwuDgjVk7C1BIZMwFqP8ebcmDab2zqy61BUM MirOg3PM457su+9aLogiBOjO+hPwQ/+72yfgOQWi+6CWf9Q1HIsO3aVOeH3+ZXTl m01cdpLZK8bUUz+hlE1rs29lBGHWwDL8MKjI6p+W9Ax8d8dinztsXi2RpBQVMXTG M/eDLMGXJDogEKlLdcseGXqqCHFJJ24228QYlVL7vOPu9H16EmsvnDi13/NC7p1N eJNSRlmynXUlXTJZlBXExroMepzVqIrErIPmCNYnqIs7T2B4H52f2mOIdJZx08gP qeRXG2XTlDtrvjlWSSm1TuoO76OSYByTJMVXuLUR+US5UKqmMbvZLqKboZorvV71 HUeCbGt2RnPXIGtsdWveVqE3lHz6H8CPiIsemc2VpXxNMxchZKKAMQdV817R9S4h 2D77xDMBg4HW3yKPZJUQLLh6CMG9uiiu0Bv8fxg8ljhjRi437JVbTJzt73Vgf3Ae RJljpzdW//+rDHCQyk5d6cfpGb15suuAbrKt7iHhJKg5qhE9pLB0AOxI0BIoZVgx 55J5Xrfuv8ySbGFP4rPJ =RFot -----END PGP SIGNATURE----- --hiSa4j7newOwqDQCmTw2W07R4jmRweu2S-- From unknown Sun Jun 22 22:46:55 2025 X-Loop: help-debbugs@gnu.org Subject: bug#17187: 24.3.50.1 open-dribble-file stores pw Resent-From: Glenn Morris Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sun, 06 Apr 2014 02:06:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 17187 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: Daniel Colascione Cc: Stefan Monnier , 17187@debbugs.gnu.org Received: via spool by 17187-submit@debbugs.gnu.org id=B17187.13967499131039 (code B ref 17187); Sun, 06 Apr 2014 02:06:01 +0000 Received: (at 17187) by debbugs.gnu.org; 6 Apr 2014 02:05:13 +0000 Received: from localhost ([127.0.0.1]:37274 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WWcSO-0000Gh-HN for submit@debbugs.gnu.org; Sat, 05 Apr 2014 22:05:12 -0400 Received: from fencepost.gnu.org ([208.118.235.10]:44742) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WWcSN-0000GY-0O for 17187@debbugs.gnu.org; Sat, 05 Apr 2014 22:05:11 -0400 Received: from rgm by fencepost.gnu.org with local (Exim 4.71) (envelope-from ) id 1WWcSM-0005ln-Gf; Sat, 05 Apr 2014 22:05:10 -0400 From: Glenn Morris References: <533EED70.9090709@easy-emacs.de> <53408E4B.9060605@dancol.org> X-Spook: world domination ISEC benelux COSCO Skipjack FSF X-Ran: nB9>e[5Kx.z*ws]>30R&x$X"Y6{ci+Wt*7Sr|ZF(lU[]pm13gteg_8!'\Ut^z01Fl6%6Aj X-Hue: black X-Attribution: GM Date: Sat, 05 Apr 2014 22:05:10 -0400 In-Reply-To: <53408E4B.9060605@dancol.org> (Daniel Colascione's message of "Sat, 05 Apr 2014 16:14:19 -0700") Message-ID: User-Agent: Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Spam-Score: -5.6 (-----) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.6 (-----) Daniel Colascione wrote: > That's racy. What about using fchmod and falling back to post-open chmod > for systems that don't have fchmod? I'm no C coder, please feel free to improve it. But IIUC it's been argued that we don't need to guard against malicious intent here, only user oversight. From unknown Sun Jun 22 22:46:55 2025 MIME-Version: 1.0 X-Mailer: MIME-tools 5.503 (Entity 5.503) X-Loop: help-debbugs@gnu.org From: help-debbugs@gnu.org (GNU bug Tracking System) To: Andreas =?UTF-8?Q?R=C3=B6hler?= Subject: bug#17187: closed (Re: bug#17187: 24.3.50.1 open-dribble-file stores pw) Message-ID: References: <533EED70.9090709@easy-emacs.de> X-Gnu-PR-Message: they-closed 17187 X-Gnu-PR-Package: emacs Reply-To: 17187@debbugs.gnu.org Date: Fri, 11 Apr 2014 05:50:04 +0000 Content-Type: multipart/mixed; boundary="----------=_1397195404-1719-1" This is a multi-part message in MIME format... ------------=_1397195404-1719-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Your bug report #17187: 24.3.50.1 open-dribble-file stores pw which was filed against the emacs package, has been closed. The explanation is attached below, along with your original report. If you require more details, please reply to 17187@debbugs.gnu.org. --=20 17187: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D17187 GNU Bug Tracking System Contact help-debbugs@gnu.org with problems ------------=_1397195404-1719-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 17187-done) by debbugs.gnu.org; 11 Apr 2014 05:49:37 +0000 Received: from localhost ([127.0.0.1]:45097 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WYULJ-0000QR-9O for submit@debbugs.gnu.org; Fri, 11 Apr 2014 01:49:37 -0400 Received: from fencepost.gnu.org ([208.118.235.10]:57814 ident=Debian-exim) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WYULG-0000Pm-Ci for 17187-done@debbugs.gnu.org; Fri, 11 Apr 2014 01:49:35 -0400 Received: from rgm by fencepost.gnu.org with local (Exim 4.71) (envelope-from ) id 1WYULE-0005nc-KK; Fri, 11 Apr 2014 01:49:32 -0400 From: Glenn Morris To: 17187-done@debbugs.gnu.org Subject: Re: bug#17187: 24.3.50.1 open-dribble-file stores pw References: <533EED70.9090709@easy-emacs.de> X-Spook: AIEWS Clinton Hamas Serbian ammunition secure domestic X-Ran: f\/x.Pf{Ts5+RImUq^cp}6**o+)uMU@n?3'sFi=/p3PTH96zWW2bV(A"P-=}jNAUWWYAg& X-Hue: blue X-Debbugs-No-Ack: yes X-Attribution: GM Date: Fri, 11 Apr 2014 01:49:32 -0400 In-Reply-To: (Glenn Morris's message of "Sat, 05 Apr 2014 19:01:40 -0400") Message-ID: User-Agent: Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Spam-Score: -5.6 (-----) X-Debbugs-Envelope-To: 17187-done X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.6 (-----) Version: 24.4 File now created private. ------------=_1397195404-1719-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by debbugs.gnu.org; 4 Apr 2014 17:31:27 +0000 Received: from localhost ([127.0.0.1]:35631 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WW7xe-0007OX-JM for submit@debbugs.gnu.org; Fri, 04 Apr 2014 13:31:27 -0400 Received: from eggs.gnu.org ([208.118.235.92]:44115) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WW7xb-0007OM-7f for submit@debbugs.gnu.org; Fri, 04 Apr 2014 13:31:24 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1WW7xR-0005mq-84 for submit@debbugs.gnu.org; Fri, 04 Apr 2014 13:31:22 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-0.5 required=5.0 tests=BAYES_05 autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:39423) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WW7xR-0005mm-5U for submit@debbugs.gnu.org; Fri, 04 Apr 2014 13:31:13 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:45784) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WW7xJ-0007kT-Ib for bug-gnu-emacs@gnu.org; Fri, 04 Apr 2014 13:31:13 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1WW7xA-0005ir-O4 for bug-gnu-emacs@gnu.org; Fri, 04 Apr 2014 13:31:05 -0400 Received: from moutng.kundenserver.de ([212.227.17.13]:55723) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WW7xA-0005ih-Ca for bug-gnu-emacs@gnu.org; Fri, 04 Apr 2014 13:30:56 -0400 Received: from purzel.sitgens (brln-4dba7fd5.pool.mediaWays.net [77.186.127.213]) by mrelayeu.kundenserver.de (node=mreue102) with ESMTP (Nemesis) id 0Lc8iD-1WvWgc0DUj-00jdAR; Fri, 04 Apr 2014 19:30:55 +0200 Message-ID: <533EED70.9090709@easy-emacs.de> Date: Fri, 04 Apr 2014 19:35:44 +0200 From: =?ISO-8859-15?Q?Andreas_R=F6hler?= User-Agent: Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 To: bug-gnu-emacs@gnu.org Subject: 24.3.50.1 open-dribble-file stores pw Content-Type: text/plain; charset=ISO-8859-15; format=flowed Content-Transfer-Encoding: 7bit X-Provags-ID: V02:K0:y5g5HvaLr6gJ/L/SrbwwRh43DNbyK8ZaXX90cBjObGr z2+YzAGtDvbgYb1W9rDR8uZNz19nNP0eI6OrLmEVyXzptDMHFj w82Rp/phLGg01or1OGUojEcQp1BhNwBMYAG9qI+PW4wzkpGwIq /dUO979t6l3YEJhds2ruF30XIJlKsik2frTjU+VzrCqvanMUj9 L4SS0IbQn0VQAHQ/ToCG+bVzvbUUpiycA1p5342X8EGfnDYD8o vVau2xve7hvIbuVT/TmJi1CIx8UQE83UcHQynQGxgzXixJJiIp hnklRL4ewWfmvmegffNqEWIvMtnK+noqAllvX0KSibX+iQJAg4 UXUQ7yoq0VAllPyZVmcFD4bX7iQGDkBvrBeB7uA6x X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x [generic] X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) Emacs -Q from 2014-02-19 Passwort gets stored in plain text ------------=_1397195404-1719-1--