GNU bug report logs - #865
23.0.60; The directory is unsafe today

Previous Next

Full log

View this message in rfc822 format

From: Eli Zaretskii <eliz <at> gnu.org>
To: Stefan Monnier <monnier <at> iro.umontreal.ca>
Cc: 865 <at> debbugs.gnu.org, jasonr <at> gnu.org, emacs-pretest-bug <at> gnu.org
Subject: bug#865: 23.0.60; The directory is unsafe today
Date: Tue, 09 Sep 2008 21:52:49 +0300

> From: Stefan Monnier <monnier <at> iro.umontreal.ca>
> Cc: 865 <at> emacsbugs.donarmstrong.com,  jasonr <at> gnu.org,  emacs-pretest-bug <at> gnu.org
> Date: Tue, 09 Sep 2008 10:37:57 -0400
> 
> > But I don't think we should dismiss the privacy issue just because it
> > can be bypassed by an ill meaning program: the same can happen on
> > Unix, given a program that deliberately gains root access.  "Normal"
> > programs don't use those special access flags and privileges, and so
> > cannot access files in a private directory.
> 
> Huh?  Those programs that can deliberately gain root access are kept
> under very tight control.  For a normal user to be able to read
> arbitrary files on the system is considered as a major security hole on
> unixy systems (even if she has to go through contortions to do that).

I'm not going to argue about merits and demerits of Unix vs Windows
wrt security.  My point was that using a private directory in
server.el is important on Windows even if you think its security level
is lower than that of Unix systems.  And I hoped that you'd provide
some guidance for implementing this on Windows.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.