Package: emacs
Reported by: Mark Diekhans <markd <at> soe.ucsc.edu>
Date: Tue, 31 Aug 2010 06:13:02 UTC
Severity: important
Found in version 24.0.50
Done: Chong Yidong <cyd <at> stupidchicken.com>
Bug is archived. No further changes may be made.
Message #5 received at submit <at> debbugs.gnu.org:

From: Mark Diekhans <markd <at> soe.ucsc.edu>
To: bug-gnu-emacs <at> gnu.org
Subject: 24.0.50; serious security bug in create backup files
Date: Mon, 30 Aug 2010 23:13:29 -0700

When emacs is forced into writing "~/%backup%~", it may expose protected data to being read by others. For instance, a file that is protected by directory permissions rather than file permissions could end up being written in a world readable home directory. For instance I just discovered that ~/%backup%~ was a world readable copy of my mail box on a shared file system.

Emacs should create the last ditch backup file as accessible only by the user (no group or other access) before any data is written to the file.

Also, ~/%backup%~ should be configurable in a variable rather than hard coded in lisp files.el.

In GNU Emacs 24.0.50.1 (x86_64-unknown-linux-gnu) of 2010-08-30 on hgwdev
configured using `configure '--prefix=/cluster/home/markd/compbio/work/emacs/local' 'CFLAGS=-g -O2' 'LDFLAGS=-L/cluster/home/markd/opt/centos5.2/x86_64/lib' 'CPPFLAGS=-I/cluster/home/markd/opt/centos5.2/x86_64/include''

Important settings:
  value of $LC_ALL: nil
  value of $LC_COLLATE: nil
  value of $LC_CTYPE: nil
  value of $LC_MESSAGES: nil
  value of $LC_MONETARY: nil
  value of $LC_NUMERIC: nil
  value of $LC_TIME: nil
  value of $LANG: C
  value of $XMODIFIERS: nil
  locale-coding-system: nil
  default enable-multibyte-characters: t

Major mode: Emacs-Lisp

Minor modes in effect:
  display-time-mode: t
  shell-dirtrack-mode: t
  tooltip-mode: t
  mouse-wheel-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  line-number-mode: t
  transient-mark-mode: t
  abbrev-mode: t
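
The behaviour the report asks for (owner-only access before any data is written), shown as an added Python example that is not Emacs code or the fix applied for this bug. The function names, the temporary directory layout and the sample mailbox are constructed for illustration; `demo` reproduces the reported situation, a file guarded only by its directory's mode being copied into a more open directory.

```python
import os
import shutil
import stat
import tempfile


def exposed_bits(path):
    """Return the group/other permission bits set on path (0 means private)."""
    return stat.S_IMODE(os.lstat(path).st_mode) & 0o077


def write_private_backup(src_path, backup_path):
    """Copy src_path to backup_path so the copy is owner-only from creation."""
    # Remove any stale backup: truncating it would keep its old mode.
    try:
        os.unlink(backup_path)
    except FileNotFoundError:
        pass
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    # 0o600 is applied atomically at creation, and the umask can only clear
    # bits, so no group/other access exists at any point.
    fd = os.open(backup_path, flags, 0o600)
    with os.fdopen(fd, "wb") as out:
        # Refuse to write data if the filesystem did not honour the mode.
        if stat.S_IMODE(os.fstat(fd).st_mode) & 0o077:
            raise PermissionError("backup is not private: " + backup_path)
        with open(src_path, "rb") as src:
            shutil.copyfileobj(src, out)


def demo():
    """Constructed scenario: a mailbox guarded only by its directory's mode."""
    old_umask = os.umask(0o022)
    try:
        with tempfile.TemporaryDirectory() as root:
            private_dir = os.path.join(root, "mail")   # stands in for a 0700 dir
            home = os.path.join(root, "home")          # stands in for a 0755 $HOME
            os.mkdir(private_dir, 0o700)
            os.mkdir(home, 0o755)
            mbox = os.path.join(private_dir, "inbox")
            with open(mbox, "w") as f:                 # file itself ends up 0644
                f.write("From alice@example.org\n\nconstructed sample mail\n")
            backup = os.path.join(home, "%backup%~")
            shutil.copyfile(mbox, backup)              # naive copy obeys umask
            naive = exposed_bits(backup)
            write_private_backup(mbox, backup)
            with open(backup) as f:
                copied = f.read()
            return naive, exposed_bits(backup), copied
    finally:
        os.umask(old_umask)


if __name__ == "__main__":
    print(demo())
```

`exposed_bits` can also be pointed at an existing `~/%backup%~` to check whether a copy written earlier is readable by group or others.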