GNU bug report logs - #6953
24.0.50; serious security bug in create backup files


Package: emacs;

Reported by: Mark Diekhans <markd <at> soe.ucsc.edu>

Date: Tue, 31 Aug 2010 06:13:02 UTC

Severity: important

Found in version 24.0.50

Done: Chong Yidong <cyd <at> stupidchicken.com>

Bug is archived. No further changes may be made.



Report forwarded to owner <at> debbugs.gnu.org, bug-gnu-emacs <at> gnu.org:
bug#6953; Package emacs. (Tue, 31 Aug 2010 06:13:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Mark Diekhans <markd <at> soe.ucsc.edu>:
New bug report received and forwarded. Copy sent to bug-gnu-emacs <at> gnu.org. (Tue, 31 Aug 2010 06:13:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Mark Diekhans <markd <at> soe.ucsc.edu>
To: bug-gnu-emacs <at> gnu.org
Subject: 24.0.50; serious security bug in create backup files
Date: Mon, 30 Aug 2010 23:13:29 -0700

When emacs is forced into writing "~/%backup%~", it may expose protected
data to being read by others.  For instance, a file that is protected by
directory permissions rather than file permissions could end up being
written in a world readable home directory. For instance I just
discovered that ~/%backup%~ was a world readable copy of my mail box on
a shared file system.

Emacs should create the last ditch backup file as accessible only by the
user (no group or other access) before any data is written to the file.

Also, ~/%backup%~ should be configurable in a variable rather than hard
coded in lisp files.el.


In GNU Emacs 24.0.50.1 (x86_64-unknown-linux-gnu)
 of 2010-08-30 on hgwdev
configured using `configure  '--prefix=/cluster/home/markd/compbio/work/emacs/local' 'CFLAGS=-g -O2' 'LDFLAGS=-L/cluster/home/markd/opt/centos5.2/x86_64/lib' 'CPPFLAGS=-I/cluster/home/markd/opt/centos5.2/x86_64/include''

Important settings:
  value of $LC_ALL: nil
  value of $LC_COLLATE: nil
  value of $LC_CTYPE: nil
  value of $LC_MESSAGES: nil
  value of $LC_MONETARY: nil
  value of $LC_NUMERIC: nil
  value of $LC_TIME: nil
  value of $LANG: C
  value of $XMODIFIERS: nil
  locale-coding-system: nil
  default enable-multibyte-characters: t

Major mode: Emacs-Lisp

Minor modes in effect:
  display-time-mode: t
  shell-dirtrack-mode: t
  tooltip-mode: t
  mouse-wheel-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  line-number-mode: t
  transient-mark-mode: t
  abbrev-mode: t

Recent input:

Recent messages:
scroll-up-command: End of buffer
Making completion list... [3 times]
uncompressing file.el.gz...
(New file)
Making completion list...
Quit [2 times]
Making completion list...
uncompressing files.el.gz...done
Mark saved where search started [3 times]
Making completion list... [2 times]

Load-path shadows:

Features:





Message #8 received at 6953 <at> debbugs.gnu.org (full text, mbox):

From: Glenn Morris <rgm <at> gnu.org>
To: Mark Diekhans <markd <at> soe.ucsc.edu>
Cc: 6953 <at> debbugs.gnu.org
Subject: Re: bug#6953: 24.0.50; serious security bug in create backup files
Date: Thu, 02 Sep 2010 01:38:42 -0400

Mark Diekhans wrote:

> Emacs should create the last ditch backup file as accessible only by the
> user (no group or other access) before any data is written to the file.
>
> Also, ~/%backup%~ should be configurable in a variable rather than hard
> coded in lisp files.el.

I don't think it is necessary for this to be configurable because it
is just a fallback in case of error. Eg you can customize
backup-directory-alist to control where backups normally go.

A partial solution for the first problem is simple (below).
Perhaps it would be better to use a private directory inside
user-emacs-directory. But that is less visible, and maybe these files
are supposed to be noticed?

*** lisp/files.el	2010-08-18 08:07:58 +0000
--- lisp/files.el	2010-08-31 18:33:34 +0000
***************
*** 3681,3687 ****
  		     (message "Cannot write backup file; backing up in %s"
  			      backupname)
  		     (sleep-for 1)
! 		     (backup-buffer-copy real-file-name backupname modes)))
  		  (setq buffer-backed-up t)
  		  ;; Now delete the old versions, if desired.
  		  (if delete-old-versions
--- 3681,3691 ----
  		     (message "Cannot write backup file; backing up in %s"
  			      backupname)
  		     (sleep-for 1)
! 		     ;; The original file may have been in a private
! 		     ;; directory, home might not be private.  (Bug#6953)
! 		     ;; Not a perfect solution since the file is only
! 		     ;; made private after being written.
! 		     (backup-buffer-copy real-file-name backupname #o0600)))
  		  (setq buffer-backed-up t)
  		  ;; Now delete the old versions, if desired.
  		  (if delete-old-versions
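
Review bot: the replacement call passes #o0600 in place of `modes`, but the comment added just above it says the file "is only made private after being written", so the backup's contents can still be read from a non-private home directory while the copy is in progress. The restrictive mode needs to be in force when the file is created, before any data is written, either inside backup-buffer-copy or by writing into a directory that is already private. The comment should also name the step that leaves the window open, so a later reader knows what remains to be fixed.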






Message #11 received at 6953 <at> debbugs.gnu.org (full text, mbox):

From: Eli Zaretskii <eliz <at> gnu.org>
To: Glenn Morris <rgm <at> gnu.org>
Cc: 6953 <at> debbugs.gnu.org, markd <at> soe.ucsc.edu
Subject: Re: bug#6953: 24.0.50; serious security bug in create backup files
Date: Thu, 02 Sep 2010 02:54:17 -0400

> From: Glenn Morris <rgm <at> gnu.org>
> Date: Thu, 02 Sep 2010 01:38:42 -0400
> Cc: 6953 <at> debbugs.gnu.org
> 
> A partial solution for the first problem is simple (below).

Note that this partial solution will do nothing on MS-Windows.
(There's currently no infrastructure in Emacs to create _really_
private files and directories on MS-Windows, even on filesystems that
support file security.)





Message #14 received at 6953 <at> debbugs.gnu.org (full text, mbox):

From: markd <at> soe.ucsc.edu
To: Glenn Morris <rgm <at> gnu.org>
Cc: 6953 <at> debbugs.gnu.org
Subject: Re: bug#6953: 24.0.50; serious security bug in create backup files
Date: Thu, 2 Sep 2010 00:05:30 -0700

Hi Glenn

Glenn Morris <rgm <at> gnu.org> writes:
> I don't think it is necessary for this to be configurable because it
> is just a fallback in case of error. Eg you can customize
> backup-directory-alist to control where backups normally go.

Not necessary, but useful if you have something like a very
small amount of space on the home file system or to put it in a
protected directory.  Also, it's just emacs-like to have all of
this stuff in a variable.

I am still concerned about the window you mention in this fix.
IMHO, it's much worse to reveal sensitive data than to just lose
changes to it.  There should at least be an option to completely
disable the ~/%backup%~ functionality.

Oh, wait, it doesn't look like there is a problem with your patch,
only the comment ;-)   backup-buffer-copy says:

	  ;; Create temp files with strict access rights.  It's easy to
	  ;; loosen them later, whereas it's impossible to close the
	  ;; time-window of loose permissions otherwise.

thanks
Mark





Message #17 received at 6953 <at> debbugs.gnu.org (full text, mbox):

From: Glenn Morris <rgm <at> gnu.org>
To: markd <at> soe.ucsc.edu
Cc: 6953 <at> debbugs.gnu.org
Subject: Re: bug#6953: 24.0.50; serious security bug in create backup files
Date: Thu, 02 Sep 2010 03:58:26 -0400

markd <at> soe.ucsc.edu wrote:

> Oh, wait, it doesn't look like there is a problem with your patch,
> only the comment ;-)   backup-buffer-copy says:
>
> 	  ;; Create temp files with strict access rights.  It's easy to
> 	  ;; loosen them later, whereas it's impossible to close the
> 	  ;; time-window of loose permissions otherwise.

I don't know what this comment means. There are no "temp files" AFAICS
(unless copy-file creates some internally). I think this comment may
be a leftover from when this code used write-region rather than
copy-file. Indeed the whole mode-changing bit may be as well. C-h f
copy-file says: "This function always sets the file modes of the
output file to match the input file."

Eg:

touch ~/1
chmod 644 ~/1
(set-default-file-modes ?\700)
(copy-file "~/1" "~/2" t t t)
ls -l ~/2  # -> world readable





Message #20 received at 6953 <at> debbugs.gnu.org (full text, mbox):

From: Mark Diekhans <markd <at> soe.ucsc.edu>
To: Glenn Morris <rgm <at> gnu.org>
Cc: 6953 <at> debbugs.gnu.org
Subject: Re: bug#6953: 24.0.50; serious security bug in create backup files
Date: Thu, 2 Sep 2010 09:33:36 -0700

Ah, this is because copy-file (in fileio.c) does
      fchmod (ofd, st.st_mode & 07777);

It seems like copy-file needs an option to disable this.

The behavior of backup-buffer-copy where it keeps the existing
file would also be a hole.

mark <sigh>

Glenn Morris <rgm <at> gnu.org> writes:
> markd <at> soe.ucsc.edu wrote:
> 
> > Oh, wait, it doesn't look like there is a problem with your patch,
> > only the comment ;-)   backup-buffer-copy says:
> >
> > 	  ;; Create temp files with strict access rights.  It's easy to
> > 	  ;; loosen them later, whereas it's impossible to close the
> > 	  ;; time-window of loose permissions otherwise.
> 
> I don't know what this comment means. There are no "temp files" AFAICS
> (unless copy-file creates some internally). I think this comment may
> be a leftover from when this code used write-region rather than
> copy-file. Indeed the whole mode-changing bit may be as well. C-h f
> copy-file says: "This function always sets the file modes of the
> output file to match the input file."
> 
> Eg:
> 
> touch ~/1
> chmod 644 ~/1
> (set-default-file-modes ?\700)
> (copy-file "~/1" "~/2" t t t)
> ls -l ~/2  # -> world readable
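
The difference between stamping the source's mode onto a copy (the fchmod call quoted from fileio.c, and the result of the ~/1 to ~/2 test) and creating the backup private before any data is written, as an added C example that is not Emacs code and not part of the thread. The function names, temporary paths and mailbox contents are constructed for illustration, and `copy_like_source` is a simplified model built around that one fchmod line.

```c
#define _XOPEN_SOURCE 700               /* for mkdtemp() */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Copy everything from ifd to ofd.  Returns 0 on success, -1 on error. */
static int copy_bytes(int ifd, int ofd)
{
    char buf[4096];
    for (;;) {
        ssize_t n = read(ifd, buf, sizeof buf);
        if (n < 0 && errno == EINTR) continue;
        if (n <= 0) return (int)n;      /* 0 = end of file, -1 = error */
        for (char *p = buf; n > 0; ) {
            ssize_t w = write(ofd, p, (size_t)n);
            if (w < 0 && errno == EINTR) continue;
            if (w < 0) return -1;
            p += w; n -= w;
        }
    }
}

/* Simplified model of the behaviour discussed in the thread: the output is
   created with a strict mode, but the source's mode bits are stamped onto
   it afterwards, so the strict creation mode does not survive. */
int copy_like_source(const char *src, const char *dst)
{
    struct stat st;
    int rc = -1, ofd = -1, ifd = open(src, O_RDONLY);
    if (ifd < 0) return -1;
    if (fstat(ifd, &st) == 0
        && (ofd = open(dst, O_WRONLY | O_CREAT | O_TRUNC, 0600)) >= 0
        && copy_bytes(ifd, ofd) == 0
        && fchmod(ofd, st.st_mode & 07777) == 0)   /* line quoted above */
        rc = 0;
    if (ofd >= 0) close(ofd);
    close(ifd);
    return rc;
}

/* Private from the first byte: O_EXCL refuses to reuse an existing file or
   to follow a symlink at dst, the mode is fixed at 0600 before any data is
   written, and the source's mode is never copied over. */
int copy_private(const char *src, const char *dst)
{
    int rc = -1, ofd = -1, ifd = open(src, O_RDONLY);
    if (ifd < 0) return -1;
    if ((ofd = open(dst, O_WRONLY | O_CREAT | O_EXCL, 0600)) >= 0
        && fchmod(ofd, 0600) == 0       /* exact mode, whatever the umask */
        && copy_bytes(ifd, ofd) == 0)
        rc = 0;
    if (ofd >= 0) { close(ofd); if (rc != 0) unlink(dst); }
    close(ifd);
    return rc;
}

/* Permission bits of PATH, or -1 if it cannot be examined. */
int mode_of(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? (int)(st.st_mode & 07777) : -1;
}

/* Build a constructed "mailbox" that is mode 0644 inside a 0700 directory
   (protected by the directory, not by its own mode), copy it both ways and
   report the resulting modes.  *second_try is the result of asking
   copy_private to write over the backup it has just created. */
int run_demo(int *leaky_mode, int *private_mode, int *second_try)
{
    char dir[] = "/tmp/bug6953-demo-XXXXXX";
    char src[64], leaky[64], priv[64];
    static const char mail[] = "From: constructed sample mailbox\n";
    if (!mkdtemp(dir)) return -1;
    snprintf(src, sizeof src, "%s/mbox", dir);
    snprintf(leaky, sizeof leaky, "%s/backup-leaky", dir);
    snprintf(priv, sizeof priv, "%s/backup-private", dir);
    int fd = open(src, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    if (write(fd, mail, sizeof mail - 1) < 0 || fchmod(fd, 0644) < 0) {
        close(fd);
        return -1;
    }
    close(fd);
    int rc = (copy_like_source(src, leaky) == 0
              && copy_private(src, priv) == 0) ? 0 : -1;
    *second_try = copy_private(src, priv);
    *leaky_mode = mode_of(leaky);
    *private_mode = mode_of(priv);
    unlink(src); unlink(leaky); unlink(priv); rmdir(dir);
    return rc;
}

int main(void)
{
    int leaky, priv, again;
    if (run_demo(&leaky, &priv, &again) != 0) return 1;
    printf("mode stamped from source: %04o\n", (unsigned)leaky);
    printf("created private:          %04o\n", (unsigned)priv);
    printf("reuse of existing backup: %s\n", again == 0 ? "allowed" : "refused");
    return 0;
}
```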





Message #23 received at 6953 <at> debbugs.gnu.org (full text, mbox):

From: Glenn Morris <rgm <at> gnu.org>
To: Mark Diekhans <markd <at> soe.ucsc.edu>
Cc: 6953 <at> debbugs.gnu.org
Subject: Re: bug#6953: 24.0.50; serious security bug in create backup files
Date: Tue, 07 Sep 2010 20:03:13 -0400

An attempt at a proper fix (the manual would also need updating):

*** lisp/files.el	2010-09-05 22:03:56 +0000
--- lisp/files.el	2010-09-07 23:58:21 +0000
***************
*** 3561,3566 ****
--- 3561,3610 ----
  	  (set-auto-mode t))
      (error nil)))
  
+ (defcustom backup-fallback-directory
+   (expand-file-name "backups" user-emacs-directory)
+   "In case of error writing a backup file, write it here instead.
+ Formerly such backups were written to a file \"~/%backup%~\"."
+   :type 'directory
+   :initialize 'custom-initialize-delay
+   :version "23.3")
+ 
+ (defun backup-buffer-fallback (from-name dir)
+   "Backup FROM-NAME in private directory DIR."
+   ;; Copied from doc-view-make-safe-dir.
+   ;; FIXME should be a general function make-directory-secure?
+   ;; See http://lists.gnu.org/archive/html/emacs-devel/2007-10/msg02087.html
+   (condition-case nil
+       (let ((umask (default-file-modes)))
+         (unwind-protect
+             (progn
+               ;; Create temp files with strict access rights.  It's easy to
+               ;; loosen them later, whereas it's impossible to close the
+               ;; time-window of loose permissions otherwise.
+               (set-default-file-modes #o0700)
+               (make-directory dir))
+           ;; Reset the umask.
+           (set-default-file-modes umask)))
+     (file-already-exists
+      (if (file-symlink-p dir)
+          (error "Danger: %s points to a symbolic link" dir))
+      ;; In case it was created earlier with looser rights.
+      ;; We could check the mode info returned by file-attributes, but it's
+      ;; a pain to parse and it may not tell you what we want under
+      ;; non-standard file-systems.  So let's just say what we want and let
+      ;; the underlying C code and file-system figure it out.
+      ;; This also ends up checking a bunch of useful conditions: it makes
+      ;; sure we have write-access to the directory and that we own it, thus
+      ;; closing a bunch of security holes.
+      (set-file-modes dir #o0700)))
+   (backup-buffer-copy from-name
+ 		      (expand-file-name
+ 		       ;; cf make-backup-file-name-1.
+ 		       (subst-char-in-string
+ 			?/ ?!
+ 			(replace-regexp-in-string "!" "!!" from-name))
+ 		       dir) nil))
+ 
  (defun write-file (filename &optional confirm)
    "Write current buffer into file FILENAME.
  This makes the buffer visit that file, and marks it as not modified.
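
Review bot: in backup-buffer-fallback, `(make-directory dir)` is called without the PARENTS argument and the condition-case handles only file-already-exists, so if the parent of the default value (user-emacs-directory) does not exist yet, the error escapes and no fallback backup is written; create the parent first, or catch file-error there and report it. Two smaller points: the variable named `umask` holds the value of (default-file-modes), which is a mode rather than a mask, so a name such as `old-modes` would read better; and the final backup-buffer-copy call passes nil for the modes, so the docstring should state that the backup's privacy rests on DIR being mode #o0700.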
***************
*** 3674,3687 ****
  			(rename-file real-file-name backupname t)
  			(setq setmodes (cons modes backupname)))
  		    (file-error
! 		     ;; If trouble writing the backup, write it in ~.
! 		     (setq backupname (expand-file-name
! 				       (convert-standard-filename
! 					"~/%backup%~")))
  		     (message "Cannot write backup file; backing up in %s"
! 			      backupname)
  		     (sleep-for 1)
! 		     (backup-buffer-copy real-file-name backupname modes)))
  		  (setq buffer-backed-up t)
  		  ;; Now delete the old versions, if desired.
  		  (if delete-old-versions
--- 3718,3729 ----
  			(rename-file real-file-name backupname t)
  			(setq setmodes (cons modes backupname)))
  		    (file-error
! 		     ;; Trouble writing the backup.
  		     (message "Cannot write backup file; backing up in %s"
! 			      backup-fallback-directory)
  		     (sleep-for 1)
! 		     (backup-buffer-fallback real-file-name
! 					     backup-fallback-directory)))
  		  (setq buffer-backed-up t)
  		  ;; Now delete the old versions, if desired.
  		  (if delete-old-versions
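
Review bot: the message in the file-error handler now prints backup-fallback-directory rather than the file that is written, and backup-buffer-fallback derives that file name by rewriting the original path (/ becomes !), so the user is not told which file holds the backup. Have backup-buffer-fallback return the name it wrote to and report that name in the message. `backupname` is also no longer reassigned in this branch, so check that nothing after the handler assumes it names the file actually written.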






Message #26 received at 6953 <at> debbugs.gnu.org (full text, mbox):

From: Stefan Monnier <monnier <at> iro.umontreal.ca>
To: Glenn Morris <rgm <at> gnu.org>
Cc: 6953 <at> debbugs.gnu.org, Mark Diekhans <markd <at> soe.ucsc.edu>
Subject: Re: bug#6953: 24.0.50; serious security bug in create backup files
Date: Wed, 08 Sep 2010 10:52:15 +0200

> An attempt at a proper fix (the manual would also need updating):

Wouldn't it be better to close the window in backup-buffer-copy?


        Stefan





Message #29 received at 6953 <at> debbugs.gnu.org (full text, mbox):

From: Glenn Morris <rgm <at> gnu.org>
To: Stefan Monnier <monnier <at> iro.umontreal.ca>
Cc: 6953 <at> debbugs.gnu.org, Mark Diekhans <markd <at> soe.ucsc.edu>
Subject: Re: bug#6953: 24.0.50; serious security bug in create backup files
Date: Wed, 08 Sep 2010 11:48:59 -0400
Stefan Monnier wrote:

>> An attempt at a proper fix (the manual would also need updating):
>
> Wouldn't it be better to close the window in backup-buffer-copy?

Sorry, what window in backup-buffer-copy?
You mean in the case where to-name is in a different directory to
from-name, e.g. due to backup-directory-alist?





Message #32 received at 6953 <at> debbugs.gnu.org (full text, mbox):

From: Stefan Monnier <monnier <at> iro.umontreal.ca>
To: Glenn Morris <rgm <at> gnu.org>
Cc: 6953 <at> debbugs.gnu.org, Mark Diekhans <markd <at> soe.ucsc.edu>
Subject: Re: bug#6953: 24.0.50; serious security bug in create backup files
Date: Thu, 09 Sep 2010 00:48:38 +0200
>>> An attempt at a proper fix (the manual would also need updating):
>> Wouldn't it be better to close the window in backup-buffer-copy?
> Sorry, what window in backup-buffer-copy?

The time window during which the access rights are too loose.


        Stefan





Message #35 received at 6953 <at> debbugs.gnu.org (full text, mbox):

From: Glenn Morris <rgm <at> gnu.org>
To: Stefan Monnier <monnier <at> iro.umontreal.ca>
Cc: 6953 <at> debbugs.gnu.org, Mark Diekhans <markd <at> soe.ucsc.edu>
Subject: Re: bug#6953: 24.0.50; serious security bug in create backup files
Date: Thu, 09 Sep 2010 01:28:18 -0400
Stefan Monnier wrote:

> The time window during which the access rights are too loose.

Do you mean changing Fcopy_file to optionally not copy the source file
permission bits to the output file? Maybe that's better, but it would
need yet another optional argument for copy-file, which would probably
not see much use outside of this context.





Message #38 received at 6953 <at> debbugs.gnu.org (full text, mbox):

From: Stefan Monnier <monnier <at> iro.umontreal.ca>
To: Glenn Morris <rgm <at> gnu.org>
Cc: 6953 <at> debbugs.gnu.org, Mark Diekhans <markd <at> soe.ucsc.edu>
Subject: Re: bug#6953: 24.0.50; serious security bug in create backup files
Date: Thu, 09 Sep 2010 19:09:47 +0200
>> The time window during which the access rights are too loose.
> Do you mean changing Fcopy_file to optionally not copy the source file
> permission bits to the output file?

Something like that.

> Maybe that's better, but it would need yet another optional argument
> for copy-file, which would probably not see much use outside of
> this context.

Adding yet-another-arg doesn't sound very appealing, indeed.
Maybe a better solution is to split copy-file into 2 functions: one that
copies the file data (into a file that's only readable by the current
process, or user) and another that copies various parts of its metadata
like timestamp, uid-gid, ... (this last function might be itself split
into various parts).  So copy-file can be implemented on top of those
functions and backup can use them as well.


        Stefan





Message #41 received at 6953 <at> debbugs.gnu.org (full text, mbox):

From: Glenn Morris <rgm <at> gnu.org>
To: Stefan Monnier <monnier <at> iro.umontreal.ca>
Cc: 6953 <at> debbugs.gnu.org, Mark Diekhans <markd <at> soe.ucsc.edu>
Subject: Re: bug#6953: 24.0.50; serious security bug in create backup files
Date: Thu, 09 Sep 2010 23:06:46 -0400
Stefan Monnier wrote:

>> Do you mean changing Fcopy_file to optionally not copy the source file
>> permission bits to the output file?
>
> Something like that.

Just had a thought that this kind of approach is not going to work for
securing ~/%backup%~ files for people who have AFS home directories.
Which probably is not many in % terms, but is more than zero. In AFS,
the _only_ way to make files private to the owner is to put them in a
private directory.

On the other hand, simply creating a mode 700 directory does not
necessarily make it private, you have to use AFS commands to set ACLs.
But the approach of having backup files in a special directory would
be closer to how AFS normally works.





Message #44 received at 6953 <at> debbugs.gnu.org (full text, mbox):

From: Eli Zaretskii <eliz <at> gnu.org>
To: Glenn Morris <rgm <at> gnu.org>
Cc: 6953 <at> debbugs.gnu.org, markd <at> soe.ucsc.edu, monnier <at> iro.umontreal.ca
Subject: Re: bug#6953: 24.0.50; serious security bug in create backup files
Date: Mon, 13 Sep 2010 13:44:41 +0200
> From: Glenn Morris <rgm <at> gnu.org>
> Date: Thu, 09 Sep 2010 23:06:46 -0400
> Cc: 6953 <at> debbugs.gnu.org, Mark Diekhans <markd <at> soe.ucsc.edu>
> 
> Just had a thought that this kind of approach is not going to work for
> securing ~/%backup%~ files for people who have AFS home directories.
> Which probably is not many in % terms, but is more than zero. In AFS,
> the _only_ way to make files private to the owner is to put them in a
> private directory.
> 
> On the other hand, simply creating a mode 700 directory does not
> necessarily make it private, you have to use AFS commands to set ACLs.
> But the approach of having backup files in a special directory would
> be closer to how AFS normally works.

The situation on MS-Windows is almost exactly the same.  Files put in
private directories are private by default, but creating a new private
directory requires using Windows-specific ACL APIs.

Maybe it's time to have this functionality in Emacs.





Message #47 received at 6953 <at> debbugs.gnu.org (full text, mbox):

From: Lennart Borgman <lennart.borgman <at> gmail.com>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: Glenn Morris <rgm <at> gnu.org>, markd <at> soe.ucsc.edu, 6953 <at> debbugs.gnu.org
Subject: Re: bug#6953: 24.0.50; serious security bug in create backup files
Date: Mon, 13 Sep 2010 17:32:54 +0200
On Mon, Sep 13, 2010 at 1:44 PM, Eli Zaretskii <eliz <at> gnu.org> wrote:
>>
>> On the other hand, simply creating a mode 700 directory does not
>> necessarily make it private, you have to use AFS commands to set ACLs.
>> But the approach of having backup files in a special directory would
>> be closer to how AFS normally works.
>
> The situation on MS-Windows is almost exactly the same.  Files put in
> private directories are private by default, but creating a new private
> directory requires using Windows-specific ACL APIs.
>
> Maybe it's time to have this functionality in Emacs.

Yes, please.





Message #50 received at 6953 <at> debbugs.gnu.org (full text, mbox):

From: Glenn Morris <rgm <at> gnu.org>
To: monnier <at> iro.umontreal.ca 
Cc: 6953 <at> debbugs.gnu.org, eliz <at> gnu.org, markd <at> soe.ucsc.edu
Subject: Re: bug#6953: 24.0.50; serious security bug in create backup files
Date: Tue, 21 Sep 2010 21:34:53 -0400
So, is there a consensus for what approach to take with this?





Message #53 received at 6953 <at> debbugs.gnu.org (full text, mbox):

From: Chong Yidong <cyd <at> stupidchicken.com>
To: Glenn Morris <rgm <at> gnu.org>
Cc: 6953 <at> debbugs.gnu.org, eliz <at> gnu.org, markd <at> soe.ucsc.edu,
	monnier <at> iro.umontreal.ca
Subject: Re: bug#6953: 24.0.50; serious security bug in create backup files
Date: Sat, 25 Sep 2010 16:21:42 -0400
Glenn Morris <rgm <at> gnu.org> writes:

> So, is there a consensus for what approach to take with this?

How about simply not making a "~/%backup%~" file?





Message #56 received at 6953 <at> debbugs.gnu.org (full text, mbox):

From: Richard Stallman <rms <at> gnu.org>
To: Chong Yidong <cyd <at> stupidchicken.com>
Cc: rgm <at> gnu.org, markd <at> soe.ucsc.edu, 6953 <at> debbugs.gnu.org
Subject: Re: bug#6953: 24.0.50; serious security bug in create backup files
Date: Sun, 26 Sep 2010 06:37:57 -0400
    How about simply not making a "~/%backup%~" file?

Do you mean, make no backup file at all?





Message #59 received at 6953 <at> debbugs.gnu.org (full text, mbox):

From: Chong Yidong <cyd <at> stupidchicken.com>
To: rms <at> gnu.org
Cc: rgm <at> gnu.org, markd <at> soe.ucsc.edu, 6953 <at> debbugs.gnu.org
Subject: Re: bug#6953: 24.0.50; serious security bug in create backup files
Date: Tue, 28 Sep 2010 13:26:44 -0400
Richard Stallman <rms <at> gnu.org> writes:

>     How about simply not making a "~/%backup%~" file?
>
> Do you mean, make no backup file at all?

Yeah.





Message #62 received at 6953 <at> debbugs.gnu.org (full text, mbox):

From: Richard Stallman <rms <at> gnu.org>
To: Chong Yidong <cyd <at> stupidchicken.com>
Cc: rgm <at> gnu.org, markd <at> soe.ucsc.edu, 6953 <at> debbugs.gnu.org
Subject: Re: bug#6953: 24.0.50; serious security bug in create backup files
Date: Wed, 29 Sep 2010 09:36:26 -0400
    > Do you mean, make no backup file at all?

    Yeah.

To make no backup file seems like a gross insecurity to me.





Message #65 received at 6953 <at> debbugs.gnu.org (full text, mbox):

From: Eli Zaretskii <eliz <at> gnu.org>
To: rms <at> gnu.org
Cc: 6953 <at> debbugs.gnu.org, cyd <at> stupidchicken.com, markd <at> soe.ucsc.edu
Subject: Re: bug#6953: 24.0.50; serious security bug in create backup files
Date: Wed, 29 Sep 2010 15:43:03 +0200
> From: Richard Stallman <rms <at> gnu.org>
> Date: Wed, 29 Sep 2010 09:36:26 -0400
> Cc: markd <at> soe.ucsc.edu, 6953 <at> debbugs.gnu.org
> 
>     > Do you mean, make no backup file at all?
> 
>     Yeah.
> 
> To make no backup file seems like a gross insecurity to me.

Agreed.





Message #68 received at 6953 <at> debbugs.gnu.org (full text, mbox):

From: markd <at> soe.ucsc.edu
To: rms <at> gnu.org
Cc: 6953 <at> debbugs.gnu.org, Chong Yidong <cyd <at> stupidchicken.com>
Subject: Re: bug#6953: 24.0.50; serious security bug in create backup files
Date: Wed, 29 Sep 2010 07:25:31 -0700
Just to clarify, this is the fallback backup file, ~/%backup%~,
not backup files in general.

The current approach provides a very limited and arbitrary approach to
preventing data loss:

  - there is only one ~/%backup%~ so it's arbitrary from the user's perspective
    which buffer actually gets a fallback backup.

  - there is no control over where this is saved, it may very well be
    the file system where the primary backup file could not be created
    due to lack of disk space.

In my experience in over 20 years of using emacs, this has never
been of any value.

The down side of the current implementation is extremely
serious, potentially exposing private or sensitive data to all
users of the file system.  In my case, exposing a mail box to
hundreds of users.  I would argue that this is far more serious
a problem than the very limited data loss prevention provided
by the current implementation.

thanks much for how seriously this is being taken,
mark

Richard Stallman <rms <at> gnu.org> writes:
>     > Do you mean, make no backup file at all?
> 
>     Yeah.
> 
> To make no backup file seems like a gross insecurity to me.







Message #71 received at 6953 <at> debbugs.gnu.org (full text, mbox):

From: Glenn Morris <rgm <at> gnu.org>
To: 6953 <at> debbugs.gnu.org
Subject: Re: bug#6953: 24.0.50; serious security bug in create backup files
Date: Tue, 11 Jan 2011 23:38:34 -0500
Glenn Morris wrote:

> So, is there a consensus for what approach to take with this?

It seems the answer is "no", there isn't.





Message #74 received at 6953 <at> debbugs.gnu.org (full text, mbox):

From: Stefan Monnier <monnier <at> iro.umontreal.ca>
To: Mark Diekhans <markd <at> soe.ucsc.edu>
Cc: 6953 <at> debbugs.gnu.org
Subject: Re: 24.0.50; serious security bug in create backup files
Date: Wed, 12 Jan 2011 10:25:17 -0500
> When Emacs is forced into writing "~/%backup%~", it may expose protected
> data to being read by others.

Regardless of what other problems there might be, such backups should
probably go somewhere under ~/.emacs.d.


        Stefan





Message #77 received at 6953 <at> debbugs.gnu.org (full text, mbox):

From: Mark Diekhans <markd <at> soe.ucsc.edu>
To: Stefan Monnier <monnier <at> iro.umontreal.ca>
Cc: 6953 <at> debbugs.gnu.org
Subject: Re: 24.0.50; serious security bug in create backup files
Date: Wed, 12 Jan 2011 09:56:01 -0800
Stefan Monnier <monnier <at> iro.umontreal.ca> writes:
> > When Emacs is forced into writing "~/%backup%~", it may expose protected
> > data to being read by others.
> 
> Regardless of what other problems there might be, such backups should
> probably go somewhere under ~/.emacs.d.

This makes a lot of sense, and makes it possible to redirect to
a different file system by setting user-emacs-directory.
However emacs doesn't protect ~/.emacs.d/ either when it
creates it.  This is also a security bug.  Even the names of
files being edited should not be made public, even if the
files are private.

Is there anything I can do to help?

Mark





Message #80 received at 6953 <at> debbugs.gnu.org (full text, mbox):

From: Glenn Morris <rgm <at> gnu.org>
To: Mark Diekhans <markd <at> soe.ucsc.edu>
Cc: 6953 <at> debbugs.gnu.org, Stefan Monnier <monnier <at> iro.umontreal.ca>
Subject: Re: bug#6953: 24.0.50; serious security bug in create backup files
Date: Wed, 12 Jan 2011 14:29:27 -0500
Mark Diekhans wrote:

>> Regardless of what other problems there might be, such backups should
>> probably go somewhere under ~/.emacs.d.
>
> This makes a lot of sense, and makes it possible to redirect to
> a different file system by setting user-emacs-directory.

We seem to have gone in a circle.

http://debbugs.gnu.org/cgi/bugreport.cgi?bug=6953#23





Message #83 received at 6953 <at> debbugs.gnu.org (full text, mbox):

From: Mark Diekhans <markd <at> soe.ucsc.edu>
To: 6953 <at> debbugs.gnu.org
Subject: Re: bug#6953: 24.0.50; serious security bug in create backup files
Date: Wed, 12 Jan 2011 13:56:03 -0800
Attached is a patch that I believe addresses both the ~/%backup%~ and
~/.emacs.d/ security issues.  It works well for me on Linux.

Mark

[backup-security.patch (text/plain, inline)]
=== modified file 'doc/emacs/files.texi'
--- doc/emacs/files.texi	2010-07-31 17:13:03 +0000
+++ doc/emacs/files.texi	2011-01-12 21:43:13 +0000
@@ -569,8 +569,8 @@
 file for @file{eval.c} would be @file{eval.c~}.
 
   If access control stops Emacs from writing backup files under the usual
-names, it writes the backup file as @file{%backup%~} in your home
-directory.  Only one such file can exist, so only the most recently
+names, it writes the backup file as @file{~/.emacs.d/%backup%~}.
+Only one such file can exist, so only the most recently
 made such backup is available.
 
   Emacs can also make @dfn{numbered backup files}.  Numbered backup
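Review bot: the new sentence hard-codes @file{~/.emacs.d/%backup%~}, but the files.el hunk of this patch builds the name with locate-user-emacs-file, so the real location follows user-emacs-directory. Word it as the user's Emacs directory, normally ~/.emacs.d, and state what access the fallback copy gets, since a reader who keeps private files will look here to learn who can read it.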

=== modified file 'lisp/files.el'
--- lisp/files.el	2011-01-08 21:22:19 +0000
+++ lisp/files.el	2011-01-12 20:55:55 +0000
@@ -3776,9 +3776,7 @@
 			(setq setmodes (list modes context backupname)))
 		    (file-error
 		     ;; If trouble writing the backup, write it in ~.
-		     (setq backupname (expand-file-name
-				       (convert-standard-filename
-					"~/%backup%~")))
+		     (setq backupname (locate-user-emacs-file "%backup%~"))
 		     (message "Cannot write backup file; backing up in %s"
 			      backupname)
 		     (sleep-for 1)
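Review bot: the unchanged comment ";; If trouble writing the backup, write it in ~." directly above the new setq is now stale, because the fallback goes to the user's Emacs directory rather than the home directory; update it with the change. It is also worth saying in that comment that the copy's privacy now rests on the permissions of that directory, which this hunk does not check before writing.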

=== modified file 'lisp/subr.el'
--- lisp/subr.el	2011-01-11 03:23:04 +0000
+++ lisp/subr.el	2011-01-12 20:53:20 +0000
@@ -2365,7 +2365,12 @@
        (or noninteractive
 	   purify-flag
 	   (file-accessible-directory-p (directory-file-name user-emacs-directory))
-	   (make-directory user-emacs-directory))
+           (let ((umask (default-file-modes)))
+             (unwind-protect
+                 (progn
+                   (set-default-file-modes ?\700)
+                   (make-directory user-emacs-directory))
+               (set-default-file-modes umask))))
        (abbreviate-file-name
         (expand-file-name new-name user-emacs-directory))))))
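Review bot: the 700 mode is applied only on the make-directory branch of the `or`, which is reached only when file-accessible-directory-p fails, so an already existing user-emacs-directory with group or other access is left as it is and the fallback backup written there stays readable. Consider checking the mode of an existing directory and tightening it or warning. Smaller points: the variable named umask holds the result of default-file-modes, which is a mode and not a umask, and #o700 would read more plainly as a file mode than the character literal ?\700. Earlier messages in this report also point out that a mode 700 directory is not private on AFS, which deserves a comment here.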
 



Message #86 received at 6953 <at> debbugs.gnu.org (full text, mbox):

From: Chong Yidong <cyd <at> stupidchicken.com>
To: Mark Diekhans <markd <at> soe.ucsc.edu>
Cc: 6953 <at> debbugs.gnu.org
Subject: Re: bug#6953: 24.0.50; serious security bug in create backup files
Date: Fri, 14 Jan 2011 21:33:18 -0500
Mark Diekhans <markd <at> soe.ucsc.edu> writes:

> Attached is a patch that I believe addresses both the ~/%backup%~ and
> ~/.emacs.d/ security issues.

Looks reasonable; committed, thanks.




bug closed, send any further explanations to Mark Diekhans <markd <at> soe.ucsc.edu> Request was from Chong Yidong <cyd <at> stupidchicken.com> to control <at> debbugs.gnu.org. (Sun, 23 Jan 2011 21:05:01 GMT) Full text and rfc822 format available.

bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Mon, 21 Feb 2011 12:24:04 GMT) Full text and rfc822 format available.
