--- Begin Message ---
|
Subject: |
23.1.50; SECURITY: Tramp creates -rwxrwxrwx permission files with /su and /sudo method |
|
Date: |
Mon, 29 Jun 2009 18:16:30 +0300 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/23.1.50 (gnu/linux) |
When method /su: or /sudo: is used to _create_ a file the file's
permission will be set to -rwxrwxrwx (777), that is, allow everything
for everyone. Obviously this is serious security bug. Steps to
reproduce:
1. Start Emacs as a normal user:
emacs -Q
2. Create a file in a directory to which the user who launched this
Emacs session doesn't have write access.
C-x C-f /su::/root/test.txt
3. Write some content to the file and save it with "C-x C-s".
4. Check file's permissions. It has 777 permission bits:
$ ls -l /root/test.txt
-rwxrwxrwx 1 root root 5 2009-06-29 17:58 /root/test.txt
For some reason, if I create similar file to the same user's home
directory who launched this Emacs session (/su::$HOME/test.txt) then it
gets 644 permissions (probably honoring umask settings).
In GNU Emacs 23.1.50.4 (i686-pc-linux-gnu, GTK+ Version 2.12.12)
of 2009-06-29 on mithlond
Windowing system distributor `The X.Org Foundation', version 11.0.10402000
configured using `configure '--prefix=/home/dtw/local''
--- End Message ---
--- Begin Message ---
|
Subject: |
Re: bug#3712: 23.1.50; SECURITY: Tramp creates -rwxrwxrwx permission files with /su and /sudo method |
|
Date: |
Tue, 30 Jun 2009 19:36:32 +0300 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/23.1.50 (gnu/linux) |
On 2009-06-30 17:34 (+0200), Michael Albinus wrote:
> OK, you've convinced me. Execution bits are removed now for newly
> created remote files.
> If it works also for you it is OK for me.
It seems to work perfectly now. Huge thanks! I'm happy to close this
bug.
--- End Message ---