GNU bug report logs - #6953
24.0.50; serious security bug in create backup files

Previous Next

Package: emacs;

Reported by: Mark Diekhans <markd <at> soe.ucsc.edu>

Date: Tue, 31 Aug 2010 06:13:02 UTC

Severity: important

Found in version 24.0.50

Done: Chong Yidong <cyd <at> stupidchicken.com>

Bug is archived. No further changes may be made.

Full log

Message #44 received at 6953 <at> debbugs.gnu.org (full text, mbox):

From: Eli Zaretskii <eliz <at> gnu.org>
To: Glenn Morris <rgm <at> gnu.org>
Cc: 6953 <at> debbugs.gnu.org, markd <at> soe.ucsc.edu, monnier <at> iro.umontreal.ca
Subject: Re: bug#6953: 24.0.50; serious security bug in create backup files
Date: Mon, 13 Sep 2010 13:44:41 +0200

> From: Glenn Morris <rgm <at> gnu.org>
> Date: Thu, 09 Sep 2010 23:06:46 -0400
> Cc: 6953 <at> debbugs.gnu.org, Mark Diekhans <markd <at> soe.ucsc.edu>
> 
> Just had a thought that this kind of approach is not going to work for
> securing ~/%backup%~ files for people who have AFS home directories.
> Which probably is not many in % terms, but is more than zero. In AFS,
> the _only_ way to make files private to the owner is to put them in a
> private directory.
> 
> On the other hand, simply creating a mode 700 directory does not
> necessarily make it private, you have to use AFS commands to set ACLs.
> But the approach of having backup files in a special directory would
> be closer to how AFS normally works.

The situation on MS-Windows is almost exactly the same.  Files put in
private directories are private by default, but creating a new private
directory requires using Windows-specific ACL APIs.

Maybe it's time to have this functionality in Emacs.
This bug report was last modified 14 years and 204 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.