GNU bug report logs - #865
23.0.60; The directory is unsafe today

Previous Next

Full log

View this message in rfc822 format

From: Eli Zaretskii <eliz <at> gnu.org>
To: Stefan Monnier <monnier <at> iro.umontreal.ca>
Cc: 865 <at> debbugs.gnu.org, jasonr <at> gnu.org, emacs-pretest-bug <at> gnu.org
Subject: bug#865: 23.0.60; The directory is unsafe today
Date: Fri, 05 Sep 2008 13:52:44 +0300

> From: Stefan Monnier <monnier <at> iro.umontreal.ca>
> Cc: 865 <at> emacsbugs.donarmstrong.com,  Jason Rumney <jasonr <at> gnu.org>,  emacs-pretest-bug <at> gnu.org
> Date: Thu, 04 Sep 2008 23:11:10 -0400
> 
> I think the problem comes earlier: the (let ((default-file-modes ?\700))
> should make sure that the directory created there is owned by the use
> and not by some Administator group.

That's a different problem.  I don't see how it can be solved without
introducing a new primitive, which on Windows will DTRT.  (I think
GNU/Linux and Unix systems that support ACLs will need a similar
primitive, but I don't know enough about those to say for sure.)

There are a few other places in Emacs other than server.el that make
similar tests, for reasons other than making sure the file/directory
is private to the current user.  Here's the list:

 files.el:file-ownership-preserved-p
 eshell/em-ls.el:eshell-ls-applicable
 net/ange-ftp.el:ange-ftp-parse-netrc

(the last one is actually quite similar to server.el).

> Of course, on FAT there's just nothing we can do and the
> server-ensure-safe-dir functionality simply cannot be provided, so we
> should then just skip the safety checks,

On FAT, all files belong to a user called Everyone, who has a special
UID of 0, so I think all these checks will simply pass, or at least
they should.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.