GNU bug report logs - #6953
24.0.50; serious security bug in create backup files

Previous Next

Package: emacs;

Reported by: Mark Diekhans <markd <at> soe.ucsc.edu>

Date: Tue, 31 Aug 2010 06:13:02 UTC

Severity: important

Found in version 24.0.50

Done: Chong Yidong <cyd <at> stupidchicken.com>

Bug is archived. No further changes may be made.

Full log

Message #8 received at 6953 <at> debbugs.gnu.org (full text, mbox):

From: Glenn Morris <rgm <at> gnu.org>
To: Mark Diekhans <markd <at> soe.ucsc.edu>
Cc: 6953 <at> debbugs.gnu.org
Subject: Re: bug#6953: 24.0.50; serious security bug in create backup files
Date: Thu, 02 Sep 2010 01:38:42 -0400

Mark Diekhans wrote:

> Emacs, should create the last ditch backup file as access only by the
> user (no group or other access) before any data is written to the file
>
> Also, ~/%backup%~ should be configurable in a variable rather than hard
> coded in lisp files.el.

I don't think it is necessary for this to be configurable because it
is just a fallback in case of error. Eg you can customize
backup-directory-alist to control where backups normally go.

A partial solution for the first problem is simple (below).
Perhaps it would be better to use a private directory inside
user-emacs-directory. But that is less visible, and maybe these files
are supposed to be noticed?

*** lisp/files.el	2010-08-18 08:07:58 +0000
--- lisp/files.el	2010-08-31 18:33:34 +0000
***************
*** 3681,3687 ****
  		     (message "Cannot write backup file; backing up in %s"
  			      backupname)
  		     (sleep-for 1)
! 		     (backup-buffer-copy real-file-name backupname modes)))
  		  (setq buffer-backed-up t)
  		  ;; Now delete the old versions, if desired.
  		  (if delete-old-versions
--- 3681,3691 ----
  		     (message "Cannot write backup file; backing up in %s"
  			      backupname)
  		     (sleep-for 1)
! 		     ;; The original file may have been in a private
! 		     ;; directory, home might not be private.  (Bug#6953)
! 		     ;; Not a perfect solution since the file is only
! 		     ;; made private after being written.
! 		     (backup-buffer-copy real-file-name backupname #o0600)))
  		  (setq buffer-backed-up t)
  		  ;; Now delete the old versions, if desired.
  		  (if delete-old-versions
This bug report was last modified 14 years and 204 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.