bug#6953: 24.0.50; serious security bug in create backup files
From: Mark Diekhans
Subject: bug#6953: 24.0.50; serious security bug in create backup files
Date: Mon, 30 Aug 2010 23:13:29 -0700

When Emacs is forced into writing "~/%backup%~", it may expose protected
data to being read by others. For instance, a file that is protected by
directory permissions rather than file permissions could end up being
written in a world readable home directory. For instance, I just
discovered that ~/%backup%~ was a world readable copy of my mail box on
a shared file system.

Emacs should create the last ditch backup file as accessible only by the
user (no group or other access) before any data is written to the file.

Also, ~/%backup%~ should be configurable in a variable rather than hard
coded in lisp files.el.

In GNU Emacs 24.0.50.1 (x86_64-unknown-linux-gnu)
of 2010-08-30 on hgwdev
configured using `configure
'--prefix=/cluster/home/markd/compbio/work/emacs/local' 'CFLAGS=-g -O2'
'LDFLAGS=-L/cluster/home/markd/opt/centos5.2/x86_64/lib'
'CPPFLAGS=-I/cluster/home/markd/opt/centos5.2/x86_64/include''
Important settings:
value of $LC_ALL: nil
value of $LC_COLLATE: nil
value of $LC_CTYPE: nil
value of $LC_MESSAGES: nil
value of $LC_MONETARY: nil
value of $LC_NUMERIC: nil
value of $LC_TIME: nil
value of $LANG: C
value of $XMODIFIERS: nil
locale-coding-system: nil
default enable-multibyte-characters: t
Major mode: Emacs-Lisp
Minor modes in effect:
display-time-mode: t
shell-dirtrack-mode: t
tooltip-mode: t
mouse-wheel-mode: t
file-name-shadow-mode: t
global-font-lock-mode: t
font-lock-mode: t
auto-composition-mode: t
auto-encryption-mode: t
auto-compression-mode: t
line-number-mode: t
transient-mark-mode: t
abbrev-mode: t
Recent input:
Recent messages:
scroll-up-command: End of buffer
Making completion list... [3 times]
uncompressing file.el.gz...
(New file)
Making completion list...
Quit [2 times]
Making completion list...
uncompressing files.el.gz...done
Mark saved where search started [3 times]
Making completion list... [2 times]
Load-path shadows:
Features:
(shadow sort gnus-util mail-extr message sendmail rfc822 mml mml-sec
mm-decode mm-bodies mm-encode mail-parse rfc2231 rfc2047 rfc2045
ietf-drums mm-util mail-prsvr mailabbrev mail-utils gmm-utils mailheader
warnings emacsbug multi-isearch flyspell ispell grep compile dired
help-mode easymenu view ansi-color finder-inf package jka-compr time
server preview-latex tex-site auto-loads edmacro kmacro org-install
bbdb-autoloads bbdb timezone cc-styles cc-align cc-engine cc-vars
cc-defs vm-autoload vm-autoloads vm-vars vm-version medutil background
shell comint regexp-opt ring tooltip ediff-hook vc-hooks lisp-float-type
mwheel x-win x-dnd tool-bar dnd fontset image fringe lisp-mode register
page menu-bar rfn-eshadow timer select scroll-bar mldrag mouse jit-lock
font-lock syntax facemenu font-core frame cham georgian utf-8-lang
misc-lang vietnamese tibetan thai tai-viet lao korean japanese hebrew
greek romanian slovak czech european ethiopic indian cyrillic chinese
case-table epa-hook jka-cmpr-hook help simple abbrev loaddefs button
minibuffer faces cus-face files text-properties overlay md5 base64
format env code-pages mule custom widget hashtable-print-readable
backquote make-network-process dbusbind dynamic-setting
font-render-setting x multi-tty emacs)
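
The mitigation requested in the report, shown as an added Python example (not Emacs code and not part of the original message): the fallback copy is created owner-only before any data is written, and a stale copy is replaced rather than reused. The function names, file names and directory layout are constructed for illustration; `naive_backup` stands for the general failure class, not for Emacs's actual code path.

```python
import os
import shutil
import stat
import tempfile


def mode_of(path):
    """Return only the permission bits of path."""
    return stat.S_IMODE(os.stat(path).st_mode)


def naive_backup(src, dst):
    """Plain copy: dst permissions come from the umask (0644 under umask 022)."""
    with open(src, "rb") as fin, open(dst, "wb") as fout:
        shutil.copyfileobj(fin, fout)


def private_backup(src, dst):
    """Create dst owner-only before the first byte of data is written."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    try:
        fd = os.open(dst, flags, 0o600)
    except FileExistsError:
        # A stale copy may carry loose permissions: replace it, do not reuse it.
        os.unlink(dst)
        fd = os.open(dst, flags, 0o600)
    with os.fdopen(fd, "wb") as fout, open(src, "rb") as fin:
        shutil.copyfileobj(fin, fout)


def demo():
    """Constructed layout: a 0644 file guarded only by its 0700 directory."""
    old_umask = os.umask(0o022)
    try:
        with tempfile.TemporaryDirectory() as root:
            private_dir = os.path.join(root, "private")
            home = os.path.join(root, "home")  # stands in for a 0755 $HOME
            os.mkdir(private_dir, 0o700)
            os.mkdir(home, 0o755)
            src = os.path.join(private_dir, "mbox")
            with open(src, "w") as f:
                f.write("constructed sample mail\n")
            naive = os.path.join(home, "naive-backup")
            safe = os.path.join(home, "private-backup")
            naive_backup(src, naive)
            shutil.copy(naive, safe)      # pre-existing world-readable copy
            private_backup(src, safe)     # replaced by an owner-only file
            return {"source": mode_of(src), "naive": mode_of(naive),
                    "private": mode_of(safe)}
    finally:
        os.umask(old_umask)
```

Passing the mode to `os.open` together with `O_EXCL` means there is no window in which the file exists with wider permissions, which a write followed by `chmod` would leave open.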