From unknown Sun Jun 22 22:41:24 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#17187 <17187@debbugs.gnu.org> To: bug#17187 <17187@debbugs.gnu.org> Subject: Status: 24.3.50.1 open-dribble-file stores pw Reply-To: bug#17187 <17187@debbugs.gnu.org> Date: Mon, 23 Jun 2025 05:41:24 +0000 retitle 17187 24.3.50.1 open-dribble-file stores pw reassign 17187 emacs submitter 17187 Andreas R=C3=B6hler severity 17187 important thanks From debbugs-submit-bounces@debbugs.gnu.org Fri Apr 04 13:31:27 2014 Received: (at submit) by debbugs.gnu.org; 4 Apr 2014 17:31:27 +0000 Received: from localhost ([127.0.0.1]:35631 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WW7xe-0007OX-JM for submit@debbugs.gnu.org; Fri, 04 Apr 2014 13:31:27 -0400 Received: from eggs.gnu.org ([208.118.235.92]:44115) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WW7xb-0007OM-7f for submit@debbugs.gnu.org; Fri, 04 Apr 2014 13:31:24 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1WW7xR-0005mq-84 for submit@debbugs.gnu.org; Fri, 04 Apr 2014 13:31:22 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-0.5 required=5.0 tests=BAYES_05 autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:39423) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WW7xR-0005mm-5U for submit@debbugs.gnu.org; Fri, 04 Apr 2014 13:31:13 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:45784) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WW7xJ-0007kT-Ib for bug-gnu-emacs@gnu.org; Fri, 04 Apr 2014 13:31:13 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1WW7xA-0005ir-O4 for bug-gnu-emacs@gnu.org; Fri, 04 Apr 2014 13:31:05 -0400 Received: from moutng.kundenserver.de ([212.227.17.13]:55723) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WW7xA-0005ih-Ca for bug-gnu-emacs@gnu.org; Fri, 04 Apr 2014 13:30:56 -0400 Received: from purzel.sitgens (brln-4dba7fd5.pool.mediaWays.net [77.186.127.213]) by mrelayeu.kundenserver.de (node=mreue102) with ESMTP (Nemesis) id 0Lc8iD-1WvWgc0DUj-00jdAR; Fri, 04 Apr 2014 19:30:55 +0200 Message-ID: <533EED70.9090709@easy-emacs.de> Date: Fri, 04 Apr 2014 19:35:44 +0200 From: =?ISO-8859-15?Q?Andreas_R=F6hler?= User-Agent: Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 To: bug-gnu-emacs@gnu.org Subject: 24.3.50.1 open-dribble-file stores pw Content-Type: text/plain; charset=ISO-8859-15; format=flowed Content-Transfer-Encoding: 7bit X-Provags-ID: V02:K0:y5g5HvaLr6gJ/L/SrbwwRh43DNbyK8ZaXX90cBjObGr z2+YzAGtDvbgYb1W9rDR8uZNz19nNP0eI6OrLmEVyXzptDMHFj w82Rp/phLGg01or1OGUojEcQp1BhNwBMYAG9qI+PW4wzkpGwIq /dUO979t6l3YEJhds2ruF30XIJlKsik2frTjU+VzrCqvanMUj9 L4SS0IbQn0VQAHQ/ToCG+bVzvbUUpiycA1p5342X8EGfnDYD8o vVau2xve7hvIbuVT/TmJi1CIx8UQE83UcHQynQGxgzXixJJiIp hnklRL4ewWfmvmegffNqEWIvMtnK+noqAllvX0KSibX+iQJAg4 UXUQ7yoq0VAllPyZVmcFD4bX7iQGDkBvrBeB7uA6x X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x [generic] X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) Emacs -Q from 2014-02-19 Passwort gets stored in plain text From debbugs-submit-bounces@debbugs.gnu.org Fri Apr 04 17:42:05 2014 Received: (at 17187) by debbugs.gnu.org; 4 Apr 2014 21:42:05 +0000 Received: from localhost ([127.0.0.1]:35722 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WWBsD-0006Ip-5A for submit@debbugs.gnu.org; Fri, 04 Apr 2014 17:42:05 -0400 Received: from fencepost.gnu.org ([208.118.235.10]:50693) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WWBsA-0006Ig-Mz for 17187@debbugs.gnu.org; Fri, 04 Apr 2014 17:42:03 -0400 Received: from rgm by fencepost.gnu.org with local (Exim 4.71) (envelope-from ) id 1WWBs9-0001Wb-Jb; Fri, 04 Apr 2014 17:42:01 -0400 From: Glenn Morris To: 17187@debbugs.gnu.org Subject: Re: bug#17187: 24.3.50.1 open-dribble-file stores pw References: <533EED70.9090709@easy-emacs.de> X-Spook: rail gun CipherTAC-2000 FSF national information X-Ran: Q_}P=Tg4DQQ%h44i?%oz?dd\IT\Z>6H8J$pHN8%=#IK&r<<"o#$qVe}*t_W*"ex&lKRBGc X-Hue: yellow X-Attribution: GM Date: Fri, 04 Apr 2014 17:42:01 -0400 In-Reply-To: <533EED70.9090709@easy-emacs.de> ("Andreas =?utf-8?Q?R=C3=B6h?= =?utf-8?Q?ler=22's?= message of "Fri, 04 Apr 2014 19:35:44 +0200") Message-ID: User-Agent: Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Spam-Score: -5.6 (-----) X-Debbugs-Envelope-To: 17187 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.6 (-----) As suggested a decade ago, http://lists.gnu.org/archive/html/emacs-pretest-bug/2003-10/msg00229.html the dribble file should be created with file permission bits = 600. From debbugs-submit-bounces@debbugs.gnu.org Sat Apr 05 03:50:16 2014 Received: (at submit) by debbugs.gnu.org; 5 Apr 2014 07:50:16 +0000 Received: from localhost ([127.0.0.1]:35839 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WWLMl-0007pc-85 for submit@debbugs.gnu.org; Sat, 05 Apr 2014 03:50:15 -0400 Received: from eggs.gnu.org ([208.118.235.92]:59323) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WWLMa-0007pB-Cz for submit@debbugs.gnu.org; Sat, 05 Apr 2014 03:50:05 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1WWLMT-0003gC-8k for submit@debbugs.gnu.org; Sat, 05 Apr 2014 03:50:03 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=BAYES_40 autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:52847) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WWLMT-0003g8-5x for submit@debbugs.gnu.org; Sat, 05 Apr 2014 03:49:57 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:32785) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WWLMN-0002kl-8g for bug-gnu-emacs@gnu.org; Sat, 05 Apr 2014 03:49:57 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1WWLMF-0003Vx-66 for bug-gnu-emacs@gnu.org; Sat, 05 Apr 2014 03:49:51 -0400 Received: from moutng.kundenserver.de ([212.227.126.130]:58356) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WWLME-0003UX-SO for bug-gnu-emacs@gnu.org; Sat, 05 Apr 2014 03:49:43 -0400 Received: from purzel.sitgens (brln-4db9e6fa.pool.mediaWays.net [77.185.230.250]) by mrelayeu.kundenserver.de (node=mreue004) with ESMTP (Nemesis) id 0MOEPQ-1WQp2e1nQC-005afQ; Sat, 05 Apr 2014 09:49:40 +0200 Message-ID: <533FB6AF.1000607@easy-emacs.de> Date: Sat, 05 Apr 2014 09:54:23 +0200 From: =?ISO-8859-1?Q?Andreas_R=F6hler?= User-Agent: Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 To: bug-gnu-emacs@gnu.org Subject: Re: bug#17187: 24.3.50.1 open-dribble-file stores pw References: <533EED70.9090709@easy-emacs.de> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Provags-ID: V02:K0:Jio8bFssLIC88qMX9QAEzzByf6p6EdhD6Bqo8WaEu2i 1jwEYu61F1zm7c8gSOKPrAiHLmwRjeZkEiAZjl6ZGiMyj4MQCW gK0qz53Jd43bbkWL4XVoxDk+UWPwaLtKKMhX6Lcr3ND7sBZcx5 vaulURLP4date3VLONduw6C60teLfA0DAcOT9C5KMrwNchByox MTlPtDZH9xVeC2b8bzo95NVC0tSxpPJF9wsCIPbrlRrDyrNU2d gIKZqwm6qXypIu0HpIvAacfR3FoATL9U75BU/EQ0v8ncSS1tOI 9c/VwxqOkL4fn79X0mt51Fq2gAs46xxhwu/fm3Ka8DOTFjGpU+ 8MTu+d9iJt7Ra1vyZ1G9cvpjMq//GHCauTM3NfelU X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x [generic] X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) Am 04.04.2014 23:42, schrieb Glenn Morris: > > As suggested a decade ago, > > http://lists.gnu.org/archive/html/emacs-pretest-bug/2003-10/msg00229.html > > the dribble file should be created with file permission bits = 600. So why Emacs doesn't set permissions accordingly? From debbugs-submit-bounces@debbugs.gnu.org Sat Apr 05 03:53:58 2014 Received: (at submit) by debbugs.gnu.org; 5 Apr 2014 07:53:58 +0000 Received: from localhost ([127.0.0.1]:35865 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WWLQL-0007xy-Gi for submit@debbugs.gnu.org; Sat, 05 Apr 2014 03:53:57 -0400 Received: from eggs.gnu.org ([208.118.235.92]:60249) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WWLQG-0007xn-Hm for submit@debbugs.gnu.org; Sat, 05 Apr 2014 03:53:53 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1WWLQ9-00080O-OH for submit@debbugs.gnu.org; Sat, 05 Apr 2014 03:53:52 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=BAYES_40 autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:39911) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WWLQ9-00080I-L5 for submit@debbugs.gnu.org; Sat, 05 Apr 2014 03:53:45 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:33709) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WWLQ3-0005JH-Nl for bug-gnu-emacs@gnu.org; Sat, 05 Apr 2014 03:53:45 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1WWLPx-0007t5-6L for bug-gnu-emacs@gnu.org; Sat, 05 Apr 2014 03:53:39 -0400 Received: from moutng.kundenserver.de ([212.227.126.130]:52363) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WWLPw-0007sU-Tr for bug-gnu-emacs@gnu.org; Sat, 05 Apr 2014 03:53:33 -0400 Received: from purzel.sitgens (brln-4db9e6fa.pool.mediaWays.net [77.185.230.250]) by mrelayeu.kundenserver.de (node=mreue001) with ESMTP (Nemesis) id 0MLFy5-1WW4R02lYP-000IZ3; Sat, 05 Apr 2014 09:53:32 +0200 Message-ID: <533FB79E.1000703@easy-emacs.de> Date: Sat, 05 Apr 2014 09:58:22 +0200 From: =?ISO-8859-1?Q?Andreas_R=F6hler?= User-Agent: Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 To: bug-gnu-emacs@gnu.org Subject: Re: bug#17187: 24.3.50.1 open-dribble-file stores pw References: <533EED70.9090709@easy-emacs.de> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Provags-ID: V02:K0:RoZwtJORLts6d7bUxU/lDpx88rjK3FP3Ypi9cymtIqZ W/mr1YhboZWAeLD7yP8AQGc6rWqzXMpJD2yHbWm6peX0qaKe4H khNTJ4apnYetSPFg/yhsMHFewTfbk77hxB0sThOl4j4MqFOByz JlAwM3Oxbhm/mxnANli/HN8sJOtf8nob2mrr29FJQXWGphZKDe ERumnC2+0Ro6UIaDQUZVzrsK5HqzhOrUjue8Vuk2Dr7Ph3V1n/ xEJEOHtjG8q/Ao2Lh96IwhCRVywkKp93rceAZhgYWNCcno1fJt 3uAEmheWHpHejQIlh9GKU0PKMGclRaklS1v2i0Hme7u/tTevMi Xykrhu2IzZaw01plhosQVg0ZmgCpz32sbHMfzvPN5 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x [generic] X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) Am 04.04.2014 23:42, schrieb Glenn Morris: > > As suggested a decade ago, > > http://lists.gnu.org/archive/html/emacs-pretest-bug/2003-10/msg00229.html > > the dribble file should be created with file permission bits = 600. > BTW IMHO it's a serious security-hole, should be flagged accordingly. There will be numerous users with these kind of stuff during session. From debbugs-submit-bounces@debbugs.gnu.org Sat Apr 05 11:50:10 2014 Received: (at 17187) by debbugs.gnu.org; 5 Apr 2014 15:50:10 +0000 Received: from localhost ([127.0.0.1]:36985 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WWSrB-0006XJ-4C for submit@debbugs.gnu.org; Sat, 05 Apr 2014 11:50:09 -0400 Received: from pruche.dit.umontreal.ca ([132.204.246.22]:42293) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WWSr8-0006X0-23; Sat, 05 Apr 2014 11:50:06 -0400 Received: from pastel.home (lechon.iro.umontreal.ca [132.204.27.242]) by pruche.dit.umontreal.ca (8.14.1/8.14.1) with ESMTP id s35Fo4PI026063; Sat, 5 Apr 2014 11:50:04 -0400 Received: by pastel.home (Postfix, from userid 20848) id 4D08860125; Sat, 5 Apr 2014 11:50:04 -0400 (EDT) From: Stefan Monnier To: Glenn Morris Subject: Re: bug#17187: 24.3.50.1 open-dribble-file stores pw Message-ID: References: <533EED70.9090709@easy-emacs.de> Date: Sat, 05 Apr 2014 11:50:04 -0400 In-Reply-To: (Glenn Morris's message of "Fri, 04 Apr 2014 17:42:01 -0400") User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.4.50 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-NAI-Spam-Flag: NO X-NAI-Spam-Threshold: 5 X-NAI-Spam-Score: 0 X-NAI-Spam-Rules: 1 Rules triggered RV4903=0 X-NAI-Spam-Version: 2.3.0.9378 : core <4903> : inlines <692> : streams <1152654> : uri <1721263> X-Spam-Score: -1.9 (-) X-Debbugs-Envelope-To: 17187 Cc: 17187@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.9 (-) severity 17187 important thanks > As suggested a decade ago, > http://lists.gnu.org/archive/html/emacs-pretest-bug/2003-10/msg00229.html > the dribble file should be created with file permission bits = 600. Very much agreed. Stefan From debbugs-submit-bounces@debbugs.gnu.org Sat Apr 05 12:32:53 2014 Received: (at submit) by debbugs.gnu.org; 5 Apr 2014 16:32:53 +0000 Received: from localhost ([127.0.0.1]:37014 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WWTWW-0000OX-7Z for submit@debbugs.gnu.org; Sat, 05 Apr 2014 12:32:52 -0400 Received: from eggs.gnu.org ([208.118.235.92]:43233) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WWTWT-0000OO-3l for submit@debbugs.gnu.org; Sat, 05 Apr 2014 12:32:50 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1WWTWM-0002RO-8n for submit@debbugs.gnu.org; Sat, 05 Apr 2014 12:32:48 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=BAYES_40 autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:55714) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WWTWM-0002RK-5M for submit@debbugs.gnu.org; Sat, 05 Apr 2014 12:32:42 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:44921) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WWTWG-00051H-31 for bug-gnu-emacs@gnu.org; Sat, 05 Apr 2014 12:32:42 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1WWTWA-0002Q3-6x for bug-gnu-emacs@gnu.org; Sat, 05 Apr 2014 12:32:36 -0400 Received: from moutng.kundenserver.de ([212.227.126.131]:52912) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WWTW9-0002Px-UA for bug-gnu-emacs@gnu.org; Sat, 05 Apr 2014 12:32:30 -0400 Received: from purzel.sitgens (brln-4db9e6fa.pool.mediaWays.net [77.185.230.250]) by mrelayeu.kundenserver.de (node=mreue004) with ESMTP (Nemesis) id 0M05tI-1Wraro2NhM-00uMCL; Sat, 05 Apr 2014 18:32:28 +0200 Message-ID: <53403137.2000202@easy-emacs.de> Date: Sat, 05 Apr 2014 18:37:11 +0200 From: =?ISO-8859-15?Q?Andreas_R=F6hler?= User-Agent: Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 To: bug-gnu-emacs@gnu.org Subject: Re: bug#17187: 24.3.50.1 open-dribble-file stores pw References: <533EED70.9090709@easy-emacs.de> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-15; format=flowed Content-Transfer-Encoding: 7bit X-Provags-ID: V02:K0:OSIYoCi8BFn8+r4VUdhU0LO786FeW9ifvnWUPLW1co2 Gn75JXBnB5Jq9X90BhPOCNS/y/jIdnHhEGGC/CI5GOB2IqAVGm 6ohexhVJfUPIT1gCMBtgJkEoJsqBlOgDiuhxMjhEWUvIXqXn47 zx8FQZiXJh5wz2Iu7nL2c8FHlTtk5M2Ncqgy8MKM/8BK1R5TeD q8zSClJyvQAnYLqNptj0EmbAbNJ9BF9VAuhwIjYCzpu4CFfm6I pBbUUiosiqT5meMYytUwqEvPviXskyKqWTvPUyQjcqz6jsFgXJ 92k9Kpm0tkA9FXGe0f9DHOQ087oWdcO0DLnl/wQ3wO7RCAMvDv 74x2cHuo15+9JkfyuKFIc/U0VJv+srhIFY3eKBMXR X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x [generic] X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) Am 05.04.2014 17:50, schrieb Stefan Monnier: > severity 17187 important > thanks > >> As suggested a decade ago, >> http://lists.gnu.org/archive/html/emacs-pretest-bug/2003-10/msg00229.html >> the dribble file should be created with file permission bits = 600. > > Very much agreed. > > > Stefan > Will that solve the matter already? IMO a pw should never be stored as plain-text. File-permissions are not considered save in that context. Should be a way to replace the chars by "*" for example before writing it. Andreas From debbugs-submit-bounces@debbugs.gnu.org Sat Apr 05 12:55:57 2014 Received: (at 17187) by debbugs.gnu.org; 5 Apr 2014 16:55:57 +0000 Received: from localhost ([127.0.0.1]:37024 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WWTsq-00012J-Kw for submit@debbugs.gnu.org; Sat, 05 Apr 2014 12:55:57 -0400 Received: from mail-out.m-online.net ([212.18.0.10]:41646) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WWTsk-000124-Gv for 17187@debbugs.gnu.org; Sat, 05 Apr 2014 12:55:51 -0400 Received: from frontend1.mail.m-online.net (frontend1.mail.intern.m-online.net [192.168.8.180]) by mail-out.m-online.net (Postfix) with ESMTP id 3g1PKK3Mtfz3hhbx; Sat, 5 Apr 2014 18:55:49 +0200 (CEST) Received: from localhost (dynscan1.mnet-online.de [192.168.6.68]) by mail.m-online.net (Postfix) with ESMTP id 3g1PKK275Hzbbcp; Sat, 5 Apr 2014 18:55:49 +0200 (CEST) X-Virus-Scanned: amavisd-new at mnet-online.de Received: from mail.mnet-online.de ([192.168.8.180]) by localhost (dynscan1.mail.m-online.net [192.168.6.68]) (amavisd-new, port 10024) with ESMTP id 3zPa01Vtpmw0; Sat, 5 Apr 2014 18:55:48 +0200 (CEST) X-Auth-Info: tpm9dRful21QiHPT+/x9IfVa/1tMg44dWC0R7YeogVc= Received: from igel.home (host-188-174-220-212.customer.m-online.net [188.174.220.212]) by mail.mnet-online.de (Postfix) with ESMTPA; Sat, 5 Apr 2014 18:55:48 +0200 (CEST) Received: by igel.home (Postfix, from userid 1000) id 0DBDE2C1D2A; Sat, 5 Apr 2014 18:55:48 +0200 (CEST) From: Andreas Schwab To: Andreas =?utf-8?Q?R=C3=B6hler?= Subject: Re: bug#17187: 24.3.50.1 open-dribble-file stores pw References: <533EED70.9090709@easy-emacs.de> <53403137.2000202@easy-emacs.de> X-Yow: .. Once upon a time, four AMPHIBIOUS HOG CALLERS attacked a family of DEFENSELESS, SENSITIVE COIN COLLECTORS and brought DOWN their PROPERTY VALUES!! Date: Sat, 05 Apr 2014 18:55:47 +0200 In-Reply-To: <53403137.2000202@easy-emacs.de> ("Andreas =?utf-8?Q?R=C3=B6h?= =?utf-8?Q?ler=22's?= message of "Sat, 05 Apr 2014 18:37:11 +0200") Message-ID: <87y4zjsoks.fsf@igel.home> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 17187 Cc: 17187@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) Andreas Röhler writes: > Will that solve the matter already? IMO a pw should never be stored as plain-text. The dribble file does not know what a password is. Andreas. -- Andreas Schwab, schwab@linux-m68k.org GPG Key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5 "And now for something completely different." From debbugs-submit-bounces@debbugs.gnu.org Sat Apr 05 13:23:05 2014 Received: (at 17187) by debbugs.gnu.org; 5 Apr 2014 17:23:05 +0000 Received: from localhost ([127.0.0.1]:37037 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WWUJ6-0001vQ-Li for submit@debbugs.gnu.org; Sat, 05 Apr 2014 13:23:05 -0400 Received: from fencepost.gnu.org ([208.118.235.10]:38521) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WWUJ3-0001uv-KY for 17187@debbugs.gnu.org; Sat, 05 Apr 2014 13:23:02 -0400 Received: from rgm by fencepost.gnu.org with local (Exim 4.71) (envelope-from ) id 1WWUJ1-0005Qv-Gp; Sat, 05 Apr 2014 13:22:59 -0400 From: Glenn Morris To: Stefan Monnier Subject: Re: bug#17187: 24.3.50.1 open-dribble-file stores pw References: <533EED70.9090709@easy-emacs.de> X-Spook: Lexis-Nexis 9/11 Ft. Meade anthrax INSCOM 2600 Magazine X-Ran: #|~MvS}E_jn?=~Q]9x3rNM<)jU),$f=)"nI?*F^@A%jo;C{/N3_p>.dFEP[|vOlq[4W&=q X-Hue: red X-Debbugs-No-Ack: yes X-Attribution: GM Date: Sat, 05 Apr 2014 13:22:59 -0400 In-Reply-To: (Stefan Monnier's message of "Sat, 05 Apr 2014 11:50:04 -0400") Message-ID: User-Agent: Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Spam-Score: -5.6 (-----) X-Debbugs-Envelope-To: 17187 Cc: 17187@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.6 (-----) Stefan Monnier wrote: >> As suggested a decade ago, >> http://lists.gnu.org/archive/html/emacs-pretest-bug/2003-10/msg00229.html >> the dribble file should be created with file permission bits = 600. > > Very much agreed. PS maybe it should also abort with an error if the file already exists (and is a symlink or is not owned by the current user?). From debbugs-submit-bounces@debbugs.gnu.org Sat Apr 05 14:02:43 2014 Received: (at 17187) by debbugs.gnu.org; 5 Apr 2014 18:02:43 +0000 Received: from localhost ([127.0.0.1]:37042 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WWUvS-0002xX-Ab for submit@debbugs.gnu.org; Sat, 05 Apr 2014 14:02:42 -0400 Received: from moutng.kundenserver.de ([212.227.126.187]:56172) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WWUvN-0002xM-Ug for 17187@debbugs.gnu.org; Sat, 05 Apr 2014 14:02:39 -0400 Received: from purzel.sitgens (brln-4db9e6fa.pool.mediaWays.net [77.185.230.250]) by mrelayeu.kundenserver.de (node=mreue001) with ESMTP (Nemesis) id 0MR7Py-1WRWJm0ar8-00UNiI; Sat, 05 Apr 2014 20:02:36 +0200 Message-ID: <5340465E.8090504@easy-emacs.de> Date: Sat, 05 Apr 2014 20:07:26 +0200 From: =?UTF-8?B?QW5kcmVhcyBSw7ZobGVy?= User-Agent: Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 To: Andreas Schwab Subject: Re: bug#17187: 24.3.50.1 open-dribble-file stores pw References: <533EED70.9090709@easy-emacs.de> <53403137.2000202@easy-emacs.de> <87y4zjsoks.fsf@igel.home> In-Reply-To: <87y4zjsoks.fsf@igel.home> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Provags-ID: V02:K0:XxW3f4s/3laGccXACxgfTDh6lrmsLtTRZWszTPVkAuo AtUfIEOhe/uNX0d7qLRrR7Y61sdwZN5I1aR5q314jG+tS+ZMv8 XH/PKX2jnUhh+pXC535VK3iWFOPRb9KHUdOScdaiXhnoc+lxuH 1GT1S3ZJmp5fq3jZ3rZS4GxJG45gxlSMKDk+sExvbs8dLCG3GX /xrTTonRDicwMxx4asA4JTdINmi7ECsnu2BsaR4egYY/BCgVxl ZQZU98FZ2bN90Y4TRNCGljH7nSoh9aboF8jmdz64v9apC65QhA pnBvrRnmBCeOFbsiAmLo/B+WIGeWzbPfuXZwtv1k17Y+mhMM0+ 4lR3QdCmbAD+KzH1gUdNezcO912GYkQiW1H8yXLge X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 17187 Cc: 17187@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) Am 05.04.2014 18:55, schrieb Andreas Schwab: > Andreas Röhler writes: > >> Will that solve the matter already? IMO a pw should never be stored as plain-text. > > The dribble file does not know what a password is. > > Andreas. > As Emacs shell sent as prompt for pw, at least Emacs knows. All remains to do is to ship that info. From debbugs-submit-bounces@debbugs.gnu.org Sat Apr 05 15:24:07 2014 Received: (at 17187) by debbugs.gnu.org; 5 Apr 2014 19:24:07 +0000 Received: from localhost ([127.0.0.1]:37069 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WWWCE-0005AX-NQ for submit@debbugs.gnu.org; Sat, 05 Apr 2014 15:24:07 -0400 Received: from mail-out.m-online.net ([212.18.0.10]:33888) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WWWCB-0005AN-NF for 17187@debbugs.gnu.org; Sat, 05 Apr 2014 15:24:05 -0400 Received: from frontend1.mail.m-online.net (frontend1.mail.intern.m-online.net [192.168.8.180]) by mail-out.m-online.net (Postfix) with ESMTP id 3g1ScL3Ppyz3hj17; Sat, 5 Apr 2014 21:24:02 +0200 (CEST) Received: from localhost (dynscan1.mnet-online.de [192.168.6.68]) by mail.m-online.net (Postfix) with ESMTP id 3g1ScL15C5zbbcd; Sat, 5 Apr 2014 21:24:02 +0200 (CEST) X-Virus-Scanned: amavisd-new at mnet-online.de Received: from mail.mnet-online.de ([192.168.8.180]) by localhost (dynscan1.mail.m-online.net [192.168.6.68]) (amavisd-new, port 10024) with ESMTP id 3-7Wq4RxMD2i; Sat, 5 Apr 2014 21:24:01 +0200 (CEST) X-Auth-Info: FuQvcSKBibWklnUhAZeMfoIlb18SHlc7OxpyVQ2noBQ= Received: from igel.home (host-188-174-220-212.customer.m-online.net [188.174.220.212]) by mail.mnet-online.de (Postfix) with ESMTPA; Sat, 5 Apr 2014 21:24:01 +0200 (CEST) Received: by igel.home (Postfix, from userid 1000) id 3A7F72C357B; Sat, 5 Apr 2014 21:24:01 +0200 (CEST) From: Andreas Schwab To: Andreas =?utf-8?Q?R=C3=B6hler?= Subject: Re: bug#17187: 24.3.50.1 open-dribble-file stores pw References: <533EED70.9090709@easy-emacs.de> <53403137.2000202@easy-emacs.de> <87y4zjsoks.fsf@igel.home> <5340465E.8090504@easy-emacs.de> X-Yow: Mmmmmm-MMMMMM!! A plate of STEAMING PIECES of a PIG mixed with the shreds of SEVERAL CHICKENS!!... Oh BOY!! I'm about to swallow a TORN-OFF section of a COW'S LEFT LEG soaked in COTTONSEED OIL and SUGAR!! .. Let's see.. Next, I'll have the GROUND-UP flesh of CUTE, BABY LAMBS fried in the MELTED, FATTY TISSUES from a warm-blooded animal someone once PETTED!! ... YUM!! That was GOOD!! For DESSERT, I'll have a TOFU BURGER with BEAN SPROUTS on a stone-ground, WHOLE WHEAT BUN!! Date: Sat, 05 Apr 2014 21:24:01 +0200 In-Reply-To: <5340465E.8090504@easy-emacs.de> ("Andreas =?utf-8?Q?R=C3=B6h?= =?utf-8?Q?ler=22's?= message of "Sat, 05 Apr 2014 20:07:26 +0200") Message-ID: <87siprshpq.fsf@igel.home> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 17187 Cc: 17187@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) Andreas Röhler writes: > Am 05.04.2014 18:55, schrieb Andreas Schwab: >> Andreas Röhler writes: >> >>> Will that solve the matter already? IMO a pw should never be stored as plain-text. >> >> The dribble file does not know what a password is. >> >> Andreas. >> > > As Emacs shell sent as prompt for pw, at least Emacs knows. Not at this level. Andreas. -- Andreas Schwab, schwab@linux-m68k.org GPG Key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5 "And now for something completely different." From debbugs-submit-bounces@debbugs.gnu.org Sat Apr 05 18:03:00 2014 Received: (at 17187) by debbugs.gnu.org; 5 Apr 2014 22:03:00 +0000 Received: from localhost ([127.0.0.1]:37136 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WWYfy-00016c-Re for submit@debbugs.gnu.org; Sat, 05 Apr 2014 18:02:59 -0400 Received: from chene.dit.umontreal.ca ([132.204.246.20]:47657) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WWYfw-00016S-Co for 17187@debbugs.gnu.org; Sat, 05 Apr 2014 18:02:57 -0400 Received: from pastel.home (lechon.iro.umontreal.ca [132.204.27.242]) by chene.dit.umontreal.ca (8.14.1/8.14.1) with ESMTP id s35M2rxt025739; Sat, 5 Apr 2014 18:02:53 -0400 Received: by pastel.home (Postfix, from userid 20848) id 4BE13604AF; Sat, 5 Apr 2014 18:02:53 -0400 (EDT) From: Stefan Monnier To: Glenn Morris Subject: Re: bug#17187: 24.3.50.1 open-dribble-file stores pw Message-ID: References: <533EED70.9090709@easy-emacs.de> Date: Sat, 05 Apr 2014 18:02:53 -0400 In-Reply-To: (Glenn Morris's message of "Sat, 05 Apr 2014 13:22:59 -0400") User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.4.50 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-NAI-Spam-Flag: NO X-NAI-Spam-Threshold: 5 X-NAI-Spam-Score: 0 X-NAI-Spam-Rules: 1 Rules triggered RV4903=0 X-NAI-Spam-Version: 2.3.0.9378 : core <4903> : inlines <693> : streams <1152730> : uri <1721447> X-Spam-Score: -1.9 (-) X-Debbugs-Envelope-To: 17187 Cc: 17187@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.9 (-) >>> As suggested a decade ago, >>> http://lists.gnu.org/archive/html/emacs-pretest-bug/2003-10/msg00229.html >>> the dribble file should be created with file permission bits = 600. >> Very much agreed. > PS maybe it should also abort with an error if the file already exists > (and is a symlink or is not owned by the current user?). You mean it should be created with EXCL? Maybe. Then again, AFAIK this is only used for debugging purposes, so I'm not sure it's that important and you could assume that the user will normally specify a file in a directory she owns, where the attacker shouldn't be able to place a surreptitious symlink. Stefan From debbugs-submit-bounces@debbugs.gnu.org Sat Apr 05 19:01:44 2014 Received: (at 17187) by debbugs.gnu.org; 5 Apr 2014 23:01:44 +0000 Received: from localhost ([127.0.0.1]:37159 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WWZap-0002hQ-KQ for submit@debbugs.gnu.org; Sat, 05 Apr 2014 19:01:44 -0400 Received: from fencepost.gnu.org ([208.118.235.10]:42515) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WWZan-0002hI-86 for 17187@debbugs.gnu.org; Sat, 05 Apr 2014 19:01:41 -0400 Received: from rgm by fencepost.gnu.org with local (Exim 4.71) (envelope-from ) id 1WWZam-0007dh-9w; Sat, 05 Apr 2014 19:01:40 -0400 From: Glenn Morris To: Stefan Monnier Subject: Re: bug#17187: 24.3.50.1 open-dribble-file stores pw References: <533EED70.9090709@easy-emacs.de> X-Spook: cracking asset chameleon man Clinton CDC SRI spy Bosnia X-Ran: l,,jfhsbxLj*c6NcHmlgDT1]lE7R+C:su6;7Ow$j_J_pdC;`xtsrw$@l~u4Izv#HO0Ifl> X-Hue: green X-Debbugs-No-Ack: yes X-Attribution: GM Date: Sat, 05 Apr 2014 19:01:40 -0400 In-Reply-To: (Stefan Monnier's message of "Sat, 05 Apr 2014 18:02:53 -0400") Message-ID: User-Agent: Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Spam-Score: -5.6 (-----) X-Debbugs-Envelope-To: 17187 Cc: 17187@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.6 (-----) Lightly tested: *** src/keyboard.c 2014-04-05 18:33:55 +0000 --- src/keyboard.c 2014-04-05 22:59:00 +0000 *************** *** 20,25 **** --- 20,26 ---- #include #include "sysstdio.h" + #include #include "lisp.h" #include "termchar.h" *************** *** 10085,10092 **** } if (!NILP (file)) { file = Fexpand_file_name (file, Qnil); ! dribble = emacs_fopen (SSDATA (file), "w"); if (dribble == 0) report_file_error ("Opening dribble", file); } --- 10086,10100 ---- } if (!NILP (file)) { + int fd; file = Fexpand_file_name (file, Qnil); ! if (! NILP (Ffile_exists_p (file))) ! { ! if (chmod (SSDATA (file), 0600) < 0) ! report_file_error ("Doing chmod", file); ! } ! fd = emacs_open (SSDATA (file), O_WRONLY | O_CREAT | O_TRUNC, 0600); ! dribble = fd < 0 ? 0 : fdopen (fd, "w"); if (dribble == 0) report_file_error ("Opening dribble", file); } From debbugs-submit-bounces@debbugs.gnu.org Sat Apr 05 19:14:26 2014 Received: (at 17187) by debbugs.gnu.org; 5 Apr 2014 23:14:26 +0000 Received: from localhost ([127.0.0.1]:37164 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WWZn7-00031I-Vz for submit@debbugs.gnu.org; Sat, 05 Apr 2014 19:14:26 -0400 Received: from dancol.org ([96.126.100.184]:39608) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WWZn4-000319-D0 for 17187@debbugs.gnu.org; Sat, 05 Apr 2014 19:14:23 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=dancol.org; s=x; h=Content-Type:In-Reply-To:References:Subject:CC:To:MIME-Version:From:Date:Message-ID; bh=6OsXvMcoxhSqftuFIhpK/Z81n9PLn+7/jFMC5YpfwxU=; b=kd0rmHxEBi1svtv56cB+oWvZRa4ICuLPnfZa0nNFrQaVUOt3tpBz9NOdll/aRuP0U1KByfqJebZQpVpeExl56juwpLzCG2fZDAMd2NS8MXK6azDYD8/lsRK9ObR/vmXi8Mldpm5fT/8qH5PamXYSO2ox4QqOTW9yBeHLfLDXwXilW41zUVEPtqg/FUBH83uZElnT4chJ9VgmS0FgBuHd3LKdAAGlYdjwJ1abjM1zwHVbqvY0b5CoTawR2SBVT0UvHu/5A2xBGqZmOkxtuwDWE4ejYW81kPB5gMcZeZjKyttqqsR0ic79ivPrgFvqIKtb7Koqc2/7KEjldlFJ+XThnQ==; Received: from [2601:8:b200:551::2b1] by dancol.org with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.82) (envelope-from ) id 1WWZn2-0001CL-9a; Sat, 05 Apr 2014 16:14:20 -0700 Message-ID: <53408E4B.9060605@dancol.org> Date: Sat, 05 Apr 2014 16:14:19 -0700 From: Daniel Colascione User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0 MIME-Version: 1.0 To: Glenn Morris , Stefan Monnier Subject: Re: bug#17187: 24.3.50.1 open-dribble-file stores pw References: <533EED70.9090709@easy-emacs.de> In-Reply-To: X-Enigmail-Version: 1.6 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="hiSa4j7newOwqDQCmTw2W07R4jmRweu2S" X-Spam-Score: -0.6 (/) X-Debbugs-Envelope-To: 17187 Cc: 17187@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.6 (/) This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --hiSa4j7newOwqDQCmTw2W07R4jmRweu2S Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On 04/05/2014 04:01 PM, Glenn Morris wrote: > *************** > *** 10085,10092 **** > } > if (!NILP (file)) > { > file =3D Fexpand_file_name (file, Qnil); > ! dribble =3D emacs_fopen (SSDATA (file), "w"); > if (dribble =3D=3D 0) > report_file_error ("Opening dribble", file); > } > --- 10086,10100 ---- > } > if (!NILP (file)) > { > + int fd; > file =3D Fexpand_file_name (file, Qnil); > ! if (! NILP (Ffile_exists_p (file))) > ! { > ! if (chmod (SSDATA (file), 0600) < 0) > ! report_file_error ("Doing chmod", file); > ! } > ! fd =3D emacs_open (SSDATA (file), O_WRONLY | O_CREAT | O_TRUNC,= 0600); > ! dribble =3D fd < 0 ? 0 : fdopen (fd, "w"); > if (dribble =3D=3D 0) That's racy. What about using fchmod and falling back to post-open chmod for systems that don't have fchmod? --hiSa4j7newOwqDQCmTw2W07R4jmRweu2S Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJTQI5LAAoJEMAaIROpHW7IlTIP/0SXjfl2wV0ljPvSMYxU2d9F WPJafH0riQdZsm4HLxTAM2J/bvTrtRHcJaqxtaMjWNmGAZgPrKYy7BWrvjJHVHw8 COGIOIEVaUuuhjYe6hk73AEh5DEPmwuDgjVk7C1BIZMwFqP8ebcmDab2zqy61BUM MirOg3PM457su+9aLogiBOjO+hPwQ/+72yfgOQWi+6CWf9Q1HIsO3aVOeH3+ZXTl m01cdpLZK8bUUz+hlE1rs29lBGHWwDL8MKjI6p+W9Ax8d8dinztsXi2RpBQVMXTG M/eDLMGXJDogEKlLdcseGXqqCHFJJ24228QYlVL7vOPu9H16EmsvnDi13/NC7p1N eJNSRlmynXUlXTJZlBXExroMepzVqIrErIPmCNYnqIs7T2B4H52f2mOIdJZx08gP qeRXG2XTlDtrvjlWSSm1TuoO76OSYByTJMVXuLUR+US5UKqmMbvZLqKboZorvV71 HUeCbGt2RnPXIGtsdWveVqE3lHz6H8CPiIsemc2VpXxNMxchZKKAMQdV817R9S4h 2D77xDMBg4HW3yKPZJUQLLh6CMG9uiiu0Bv8fxg8ljhjRi437JVbTJzt73Vgf3Ae RJljpzdW//+rDHCQyk5d6cfpGb15suuAbrKt7iHhJKg5qhE9pLB0AOxI0BIoZVgx 55J5Xrfuv8ySbGFP4rPJ =RFot -----END PGP SIGNATURE----- --hiSa4j7newOwqDQCmTw2W07R4jmRweu2S-- From debbugs-submit-bounces@debbugs.gnu.org Sat Apr 05 22:05:13 2014 Received: (at 17187) by debbugs.gnu.org; 6 Apr 2014 02:05:13 +0000 Received: from localhost ([127.0.0.1]:37274 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WWcSO-0000Gh-HN for submit@debbugs.gnu.org; Sat, 05 Apr 2014 22:05:12 -0400 Received: from fencepost.gnu.org ([208.118.235.10]:44742) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WWcSN-0000GY-0O for 17187@debbugs.gnu.org; Sat, 05 Apr 2014 22:05:11 -0400 Received: from rgm by fencepost.gnu.org with local (Exim 4.71) (envelope-from ) id 1WWcSM-0005ln-Gf; Sat, 05 Apr 2014 22:05:10 -0400 From: Glenn Morris To: Daniel Colascione Subject: Re: bug#17187: 24.3.50.1 open-dribble-file stores pw References: <533EED70.9090709@easy-emacs.de> <53408E4B.9060605@dancol.org> X-Spook: world domination ISEC benelux COSCO Skipjack FSF X-Ran: nB9>e[5Kx.z*ws]>30R&x$X"Y6{ci+Wt*7Sr|ZF(lU[]pm13gteg_8!'\Ut^z01Fl6%6Aj X-Hue: black X-Debbugs-No-Ack: yes X-Attribution: GM Date: Sat, 05 Apr 2014 22:05:10 -0400 In-Reply-To: <53408E4B.9060605@dancol.org> (Daniel Colascione's message of "Sat, 05 Apr 2014 16:14:19 -0700") Message-ID: User-Agent: Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Spam-Score: -5.6 (-----) X-Debbugs-Envelope-To: 17187 Cc: Stefan Monnier , 17187@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.6 (-----) Daniel Colascione wrote: > That's racy. What about using fchmod and falling back to post-open chmod > for systems that don't have fchmod? I'm no C coder, please feel free to improve it. But IIUC it's been argued that we don't need to guard against malicious intent here, only user oversight. From debbugs-submit-bounces@debbugs.gnu.org Fri Apr 11 01:49:37 2014 Received: (at 17187-done) by debbugs.gnu.org; 11 Apr 2014 05:49:37 +0000 Received: from localhost ([127.0.0.1]:45097 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WYULJ-0000QR-9O for submit@debbugs.gnu.org; Fri, 11 Apr 2014 01:49:37 -0400 Received: from fencepost.gnu.org ([208.118.235.10]:57814 ident=Debian-exim) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WYULG-0000Pm-Ci for 17187-done@debbugs.gnu.org; Fri, 11 Apr 2014 01:49:35 -0400 Received: from rgm by fencepost.gnu.org with local (Exim 4.71) (envelope-from ) id 1WYULE-0005nc-KK; Fri, 11 Apr 2014 01:49:32 -0400 From: Glenn Morris To: 17187-done@debbugs.gnu.org Subject: Re: bug#17187: 24.3.50.1 open-dribble-file stores pw References: <533EED70.9090709@easy-emacs.de> X-Spook: AIEWS Clinton Hamas Serbian ammunition secure domestic X-Ran: f\/x.Pf{Ts5+RImUq^cp}6**o+)uMU@n?3'sFi=/p3PTH96zWW2bV(A"P-=}jNAUWWYAg& X-Hue: blue X-Debbugs-No-Ack: yes X-Attribution: GM Date: Fri, 11 Apr 2014 01:49:32 -0400 In-Reply-To: (Glenn Morris's message of "Sat, 05 Apr 2014 19:01:40 -0400") Message-ID: User-Agent: Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Spam-Score: -5.6 (-----) X-Debbugs-Envelope-To: 17187-done X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.6 (-----) Version: 24.4 File now created private. From unknown Sun Jun 22 22:41:24 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Fri, 09 May 2014 11:24:03 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator