GNU bug report logs -
#865
23.0.60; The directory is unsafe today
Previous Next
Full log
View this message in rfc822 format
>> I think the problem comes earlier: the (let ((default-file-modes ?\700))
>> should make sure that the directory created there is owned by the use
>> and not by some Administator group.
> That's a different problem. I don't see how it can be solved without
> introducing a new primitive, which on Windows will DTRT. (I think
> GNU/Linux and Unix systems that support ACLs will need a similar
> primitive, but I don't know enough about those to say for sure.)
> There are a few other places in Emacs other than server.el that make
> similar tests, for reasons other than making sure the file/directory
> is private to the current user. Here's the list:
> files.el:file-ownership-preserved-p
> eshell/em-ls.el:eshell-ls-applicable
> net/ange-ftp.el:ange-ftp-parse-netrc
> (the last one is actually quite similar to server.el).
I think we need to consider the testing part and the file (or dir)
creation part separately. And my previous messages pointed out that the
core problem (securitywise) is in the creation part, which is hence
unrelated to the above 3 other cases.
>> Of course, on FAT there's just nothing we can do and the
>> server-ensure-safe-dir functionality simply cannot be provided, so we
>> should then just skip the safety checks,
> On FAT, all files belong to a user called Everyone, who has a special
> UID of 0, so I think all these checks will simply pass, or at least
> they should.
No, they shouldn't, since the tests are meant to ensure that only the
current user has write access, whereas FAT cannot provide this behavior.
Stefan
This bug report was last modified 7 years and 236 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.