GNU bug report logs - #865
23.0.60; The directory is unsafe today

Previous Next

Full log

View this message in rfc822 format

From: Stefan Monnier <monnier <at> iro.umontreal.ca>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: 865 <at> debbugs.gnu.org, jasonr <at> gnu.org, emacs-pretest-bug <at> gnu.org
Subject: bug#865: 23.0.60; The directory is unsafe today
Date: Wed, 10 Sep 2008 12:32:40 -0400

>> > But I don't think we should dismiss the privacy issue just because it
>> > can be bypassed by an ill meaning program: the same can happen on
>> > Unix, given a program that deliberately gains root access.  "Normal"
>> > programs don't use those special access flags and privileges, and so
>> > cannot access files in a private directory.
>> 
>> Huh?  Those programs that can deliberately gain root access are kept
>> under very tight control.  For a normal user to be able to read
>> arbitrary files on the system is considered as a major security hole on
>> unixy systems (even if she has to go through contortions to do that).

> I'm not going to argue about merits and demerits of Unix vs Windows
> wrt security.  My point was that using a private directory in
> server.el is important on Windows even if you think its security level
> is lower than that of Unix systems.

I don't think it is, actually, so we violently agree.

> And I hoped that you'd provide some guidance for implementing this
> on Windows.

As mentioned, ideally the Emacs C code should notice when
default-file-modes is #o700 that the files&dirs should be created
"private", whatever that means in the w32 world.
Even better would be if each individual file-modes bits were interpreted,
but handling #o700 is all we really need for now.


        Stefan

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.