GNU bug report logs - #29182
CVE-2017-1000383: umask and backup files

Previous Next

Package: emacs;

Reported by: Glenn Morris <rgm <at> gnu.org>

Date: Mon, 6 Nov 2017 21:57:02 UTC

Severity: normal

Tags: notabug, security, wontfix

Found in version 25.3

Done: Stefan Kangas <stefan <at> marxist.se>

Bug is archived. No further changes may be made.

Full log

Message #3 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Glenn Morris <rgm <at> gnu.org>
To: submit <at> debbugs.gnu.org
Subject: CVE-2017-1000383: umask and backup files
Date: Mon, 06 Nov 2017 16:56:18 -0500

Package: emacs
Version: 25.3
Tags: security

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000383

  GNU Emacs version 25.3.1 (and other versions most likely) ignores umask
  when creating a backup save file ("[ORIGINAL_FILENAME]~") resulting in
  files that may be world readable or otherwise accessible in ways not
  intended by the user running the emacs binary.

[I'm not sure why this apparently hasn't been reported here before now?]

This bug report was last modified 4 years and 348 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #29182 CVE-2017-1000383: umask and backup files

GNU bug report logs - #29182
CVE-2017-1000383: umask and backup files