GNU bug report logs - #865
23.0.60; The directory is unsafe today

Previous Next

Package: emacs;

Reported by: "Lennart Borgman (gmail)" <lennart.borgman <at> gmail.com>

Date: Tue, 2 Sep 2008 16:10:05 UTC

Severity: normal

Merged with 3281, 4197, 8787

Found in version 23.3

Full log

Message #650 received at submit <at> emacsbugs.donarmstrong.com (full text, mbox):

From: Stefan Monnier <monnier <at> iro.umontreal.ca>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: 865 <at> debbugs.gnu.org, jasonr <at> gnu.org, emacs-pretest-bug <at> gnu.org
Subject: Re: bug#865: 23.0.60; The directory is unsafe today
Date: Tue, 09 Sep 2008 10:37:57 -0400

> Not exactly: most programs don't use these special flags, and some of
> them seem to require special privileges, although I'm not quite sure
> who can gain those privileges.  (A small test program confirmed that I
> can gain them, even though I'm not in the Administrators group.)

> See:

>   http://msdn.microsoft.com/en-us/library/aa364399(VS.85).aspx

> for more details.

> But I don't think we should dismiss the privacy issue just because it
> can be bypassed by an ill meaning program: the same can happen on
> Unix, given a program that deliberately gains root access.  "Normal"
> programs don't use those special access flags and privileges, and so
> cannot access files in a private directory.

Huh?  Those programs that can deliberately gain root access are kept
under very tight control.  For a normal user to be able to read
arbitrary files on the system is considered as a major security hole on
unixy systems (even if she has to go through contortions to do that).


        Stefan
This bug report was last modified 7 years and 236 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.