GNU bug report logs - #865
23.0.60; The directory is unsafe today

Previous Next

Package: emacs;

Reported by: "Lennart Borgman (gmail)" <lennart.borgman <at> gmail.com>

Date: Tue, 2 Sep 2008 16:10:05 UTC

Severity: normal

Merged with 3281, 4197, 8787

Found in version 23.3

Full log

View this message in rfc822 format

From: Stefan Monnier <monnier <at> iro.umontreal.ca>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: 865 <at> debbugs.gnu.org, jasonr <at> gnu.org, emacs-pretest-bug <at> gnu.org
Subject: bug#865: 23.0.60; The directory is unsafe today
Date: Fri, 05 Sep 2008 17:36:40 -0400

>> I think we need to consider the testing part and the file (or dir)
>> creation part separately.

> 100% agreement.

>> And my previous messages pointed out that the core problem
>> (securitywise) is in the creation part, which is hence unrelated to
>> the above 3 other cases.

> Are you okay with adding a primitive for solving the creation part,
> and will such a primitive be allowed into the repository even though
> we are in feature freeze?

I'm not sure what it would look like so it's hard for me to say.
But I'd argue that having the umask (aka default-file-modes) set to
#o700 could be used as a tell-tale sign, so it sounds to me like it
might be doable by adding w32 C code without any C-level changes.

Of course, that might just be a reflection of my naive misunderstanding
of the w32 API.


        Stefan
This bug report was last modified 7 years and 236 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.