[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#17187: 24.3.50.1 open-dribble-file stores pw
|
From: |
Stefan Monnier |
|
Subject: |
bug#17187: 24.3.50.1 open-dribble-file stores pw |
|
Date: |
Sat, 05 Apr 2014 18:02:53 -0400 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.4.50 (gnu/linux) |
>>> As suggested a decade ago,
>>> http://lists.gnu.org/archive/html/emacs-pretest-bug/2003-10/msg00229.html
>>> the dribble file should be created with file permission bits = 600.
>> Very much agreed.
> PS maybe it should also abort with an error if the file already exists
> (and is a symlink or is not owned by the current user?).
You mean it should be created with EXCL?
Maybe. Then again, AFAIK this is only used for debugging purposes, so
I'm not sure it's that important and you could assume that the user will
normally specify a file in a directory she owns, where the attacker
shouldn't be able to place a surreptitious symlink.
Stefan
- bug#17187: 24.3.50.1 open-dribble-file stores pw, Andreas Röhler, 2014/04/04
- bug#17187: 24.3.50.1 open-dribble-file stores pw, Glenn Morris, 2014/04/05
- bug#17187: 24.3.50.1 open-dribble-file stores pw,
Stefan Monnier <=
- bug#17187: 24.3.50.1 open-dribble-file stores pw, Glenn Morris, 2014/04/05
- bug#17187: 24.3.50.1 open-dribble-file stores pw, Daniel Colascione, 2014/04/05
- bug#17187: 24.3.50.1 open-dribble-file stores pw, Glenn Morris, 2014/04/05
- bug#17187: 24.3.50.1 open-dribble-file stores pw, Glenn Morris, 2014/04/11