GNU bug report logs - #6953
24.0.50; serious security bug in create backup files

Previous Next

Package: emacs;

Reported by: Mark Diekhans <markd <at> soe.ucsc.edu>

Date: Tue, 31 Aug 2010 06:13:02 UTC

Severity: important

Found in version 24.0.50

Done: Chong Yidong <cyd <at> stupidchicken.com>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Stefan Monnier <monnier <at> iro.umontreal.ca>
To: Glenn Morris <rgm <at> gnu.org>
Cc: 6953 <at> debbugs.gnu.org, Mark Diekhans <markd <at> soe.ucsc.edu>
Subject: bug#6953: 24.0.50; serious security bug in create backup files
Date: Thu, 09 Sep 2010 19:09:47 +0200

>> The time window during which the access rights are too loose.
> Do you mean changing Fcopy_file to optionally not copy the source file
> permission bits to the output file?

Something like that.

> Maybe that's better, but it would need yet another optional argument
> for copy-file, which would probably not see much use outside of
> this context.

Adding yet-another-arg doesn't sound very appealing, indeed.
Maybe a better solution is to split copy-file into 2 functions: one that
copies the file data (into a file that's only readable by the current
process, or user) and another that copies various parts of its metadata
like timestamp, uid-gid, ... (this last function might be itself split
into various parts).  So copy-file can be implemented on top of those
functions and backup can use them as well.


        Stefan
This bug report was last modified 14 years and 204 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.