GNU bug report logs - #6953
24.0.50; serious security bug in create backup files

Previous Next

Package: emacs;

Reported by: Mark Diekhans <markd <at> soe.ucsc.edu>

Date: Tue, 31 Aug 2010 06:13:02 UTC

Severity: important

Found in version 24.0.50

Done: Chong Yidong <cyd <at> stupidchicken.com>

Bug is archived. No further changes may be made.

Full log

Message #41 received at 6953 <at> debbugs.gnu.org (full text, mbox):

From: Glenn Morris <rgm <at> gnu.org>
To: Stefan Monnier <monnier <at> iro.umontreal.ca>
Cc: 6953 <at> debbugs.gnu.org, Mark Diekhans <markd <at> soe.ucsc.edu>
Subject: Re: bug#6953: 24.0.50; serious security bug in create backup files
Date: Thu, 09 Sep 2010 23:06:46 -0400

Stefan Monnier wrote:

>> Do you mean changing Fcopy_file to optionally not copy the source file
>> permission bits to the output file?
>
> Something like that.

Just had a thought that this kind of approach is not going to work for
securing ~/%backup%~ files for people who have AFS home directories.
Which probably is not many in % terms, but is more than zero. In AFS,
the _only_ way to make files private to the owner is to put them in a
private directory.

On the other hand, simply creating a mode 700 directory does not
necessarily make it private, you have to use AFS commands to set ACLs.
But the approach of having backup files in a special directory would
be closer to how AFS normally works.
This bug report was last modified 14 years and 204 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.