bug#62260: 30.0.50; [PATCH] Restrict auto-save file mode

[Michael Albinus]

Eli Zaretskii <eliz@gnu.org> writes:

Hi,

>> From: Manuel Giraud <manuel@ledu-giraud.fr>
>> Cc: 62260@debbugs.gnu.org
>> Date: Sun, 19 Mar 2023 12:43:02 +0100
>>
>> Eli Zaretskii <eliz@gnu.org> writes:
>>
>> > More generally: what problems are you trying to solve here?  If this
>> > code causes some problems, please describe them, and let's see whether
>> > and how we should fix them.
>>
>> You're right.  I should have start from here.  So it all start with a
>> recurring message I get from TRAMP whenever I access a root file (via
>> sudo method) for the first time.  It asks:
>>
>>   "Autosave file on local temporary directory, do you want to continue?"
>>
>> I answer "yes" but it seems that it can potentially leak root data
>> through auto-save files.  Looking at the code that asks this question
>> (tramp.el:6528), I see that I can set
>> 'tramp-allow-unsafe-temporary-files' to t and I won't see the question
>> again... but the leakage is still possible.  So I guess what I want is
>> an option to stop auto-save entirely in those cases.
>>
>> >From there, I've looked at how auto-save work and I ask myself: "maybe
>> instead of such an option, I could limit others rights on auto-save
>> files".  And that's how I came up with this patch.
>
> So this is limited to Tramp and how it handles auto-saving?  Adding
> Michael, in case he has ideas for how to solve this issue.

Read the Tramp manual (info "(tramp) Auto-save File Lock and Backup")
You can use auto-save-file-name-transforms or tramp-auto-save-directory
in order to change the location of auto-saved files. This is the
recommended way to protect sensible data.

Tramp has no influence on the permissions of the auto-saved file.

There's also bug#57395 with a related (but not identical) topic.

Best regards, Michael.