GNU bug report logs -
#6953
24.0.50; serious security bug in create backup files
Reported by: Mark Diekhans <markd <at> soe.ucsc.edu>
Date: Tue, 31 Aug 2010 06:13:02 UTC
Severity: important
Found in version 24.0.50
Done: Chong Yidong <cyd <at> stupidchicken.com>
Bug is archived. No further changes may be made.
Message #83 received at 6953 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Attached is a patch that I believe addresses both the ~/%backup%~ and
~/.emacs.d/ security issues. It works well for me on Linux.
Mark
[backup-security.patch (text/plain, inline)]
=== modified file 'doc/emacs/files.texi'
--- doc/emacs/files.texi 2010-07-31 17:13:03 +0000
+++ doc/emacs/files.texi 2011-01-12 21:43:13 +0000
@@ -569,8 +569,8 @@
file for @file{eval.c} would be @file{eval.c~}.
If access control stops Emacs from writing backup files under the usual
-names, it writes the backup file as @file{%backup%~} in your home
-directory. Only one such file can exist, so only the most recently
+names, it writes the backup file as @file{~/.emacs.d/%backup%~}.
+Only one such file can exist, so only the most recently
made such backup is available.
Emacs can also make @dfn{numbered backup files}. Numbered backup
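Review bot: The new sentence hardcodes @file{~/.emacs.d/%backup%~}, but the files.el change takes the name from locate-user-emacs-file, which the subr.el hunk shows expanding against user-emacs-directory. Suggest describing it as the file %backup%~ in the directory named by user-emacs-directory (normally ~/.emacs.d/), so the manual stays correct when that variable points elsewhere. Since the reason for the move is exposure of the fallback backup, the paragraph could also say that the directory is created with owner-only access when Emacs has to create it.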
=== modified file 'lisp/files.el'
--- lisp/files.el 2011-01-08 21:22:19 +0000
+++ lisp/files.el 2011-01-12 20:55:55 +0000
@@ -3776,9 +3776,7 @@
(setq setmodes (list modes context backupname)))
(file-error
;; If trouble writing the backup, write it in ~.
- (setq backupname (expand-file-name
- (convert-standard-filename
- "~/%backup%~")))
+ (setq backupname (locate-user-emacs-file "%backup%~"))
(message "Cannot write backup file; backing up in %s"
backupname)
(sleep-for 1)
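Review bot: The added line drops both wrappers the removed lines applied, expand-file-name and convert-standard-filename, and the tail of locate-user-emacs-file visible in the subr.el hunk returns the result of abbreviate-file-name, so backupname may now be a "~"-prefixed name rather than an absolute one. Either wrap the call in expand-file-name or confirm that everything consuming backupname after this handler accepts the abbreviated form. The context comment ";; If trouble writing the backup, write it in ~." is also stale after this change and should name the user Emacs directory instead.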
=== modified file 'lisp/subr.el'
--- lisp/subr.el 2011-01-11 03:23:04 +0000
+++ lisp/subr.el 2011-01-12 20:53:20 +0000
@@ -2365,7 +2365,12 @@
(or noninteractive
purify-flag
(file-accessible-directory-p (directory-file-name user-emacs-directory))
- (make-directory user-emacs-directory))
+ (let ((umask (default-file-modes)))
+ (unwind-protect
+ (progn
+ (set-default-file-modes ?\700)
+ (make-directory user-emacs-directory))
+ (set-default-file-modes umask))))
(abbreviate-file-name
(expand-file-name new-name user-emacs-directory))))))
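Review bot: The restrictive mode in the added let form only takes effect on the make-directory path, so a user-emacs-directory that already exists with group or world access is left untouched and a fallback backup written there is as exposed as that directory allows. Consider checking the modes of an existing directory before using it for the backup, or state the limitation in the docstring. Two smaller points: the variable named umask holds the value of default-file-modes, which is the permission bits rather than a mask, so a name such as old-modes would read more accurately; and ?\700 relies on an octal character escape where #o700 states the intent directly.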
This bug report was last modified 14 years and 204 days ago.