GNU bug report logs -
#10403
epg--make-temp-file permissions race condition fixes
Previous Next
Reported by: Paul Eggert <eggert <at> cs.ucla.edu>
Date: Thu, 29 Dec 2011 22:26:02 UTC
Severity: normal
Tags: patch
Fixed in version 24.1
Done: Chong Yidong <cyd <at> gnu.org>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 10403 in the body.
You can then email your comments to 10403 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#10403; Package
emacs.
(Thu, 29 Dec 2011 22:26:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Paul Eggert <eggert <at> cs.ucla.edu>:
New bug report received and forwarded. Copy sent to
bug-gnu-emacs <at> gnu.org.
(Thu, 29 Dec 2011 22:26:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
Tags: patch
=== modified file 'lisp/ChangeLog'
--- lisp/ChangeLog 2011-12-29 21:55:33 +0000
+++ lisp/ChangeLog 2011-12-29 22:08:29 +0000
@@ -1,5 +1,8 @@
2011-12-29 Paul Eggert <eggert <at> cs.ucla.edu>
+ * epg.el (epg--make-temp-file): Avoid permission race conditions
+ when creating temporary directories and files on older Emacs.
+
* files.el (move-file-to-trash): Preserve default file modes on error.
(Bug#10401)
=== modified file 'lisp/epg.el'
--- lisp/epg.el 2011-11-23 07:03:56 +0000
+++ lisp/epg.el 2011-12-29 22:08:29 +0000
@@ -1951,14 +1951,16 @@
of PREFIX, and expanding against `temporary-file-directory' if necessary),
is guaranteed to point to a newly created empty file.
You can then use `write-region' to write new data into the file."
- (let (tempdir tempfile)
+ (let (tempdir tempfile orig-modes)
(setq prefix (expand-file-name prefix
(if (featurep 'xemacs)
(temp-directory)
temporary-file-directory)))
+ (setq orig-modes (default-file-modes))
(unwind-protect
(let (file)
;; First, create a temporary directory.
+ (set-default-file-modes #o700)
(while (condition-case ()
(progn
(setq tempdir (make-temp-name
@@ -1969,14 +1971,12 @@
(make-directory tempdir))
;; let's try again.
(file-already-exists t)))
- (set-file-modes tempdir 448)
;; Second, create a temporary file in the tempdir.
;; There *is* a race condition between `make-temp-name'
;; and `write-region', but we don't care it since we are
;; in a private directory now.
(setq tempfile (make-temp-name (concat tempdir "/EMU")))
(write-region "" nil tempfile nil 'silent)
- (set-file-modes tempfile 384)
;; Finally, make a hard-link from the tempfile.
(while (condition-case ()
(progn
@@ -1986,6 +1986,7 @@
;; let's try again.
(file-already-exists t)))
file)
+ (set-default-file-modes orig-modes)
;; Cleanup the tempfile.
(and tempfile
(file-exists-p tempfile)
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#10403; Package
emacs.
(Sat, 07 Jan 2012 07:13:01 GMT)
Full text and
rfc822 format available.
Message #8 received at 10403 <at> debbugs.gnu.org (full text, mbox):
Could you review the patch posted by Paul? Thanks.
Paul Eggert <eggert <at> cs.ucla.edu> writes:
> === modified file 'lisp/ChangeLog'
> --- lisp/ChangeLog 2011-12-29 21:55:33 +0000
> +++ lisp/ChangeLog 2011-12-29 22:08:29 +0000
> @@ -1,5 +1,8 @@
> 2011-12-29 Paul Eggert <eggert <at> cs.ucla.edu>
>
> + * epg.el (epg--make-temp-file): Avoid permission race conditions
> + when creating temporary directories and files on older Emacs.
> +
> * files.el (move-file-to-trash): Preserve default file modes on error.
> (Bug#10401)
>
>
> === modified file 'lisp/epg.el'
> --- lisp/epg.el 2011-11-23 07:03:56 +0000
> +++ lisp/epg.el 2011-12-29 22:08:29 +0000
> @@ -1951,14 +1951,16 @@
> of PREFIX, and expanding against `temporary-file-directory' if necessary),
> is guaranteed to point to a newly created empty file.
> You can then use `write-region' to write new data into the file."
> - (let (tempdir tempfile)
> + (let (tempdir tempfile orig-modes)
> (setq prefix (expand-file-name prefix
> (if (featurep 'xemacs)
> (temp-directory)
> temporary-file-directory)))
> + (setq orig-modes (default-file-modes))
> (unwind-protect
> (let (file)
> ;; First, create a temporary directory.
> + (set-default-file-modes #o700)
> (while (condition-case ()
> (progn
> (setq tempdir (make-temp-name
> @@ -1969,14 +1971,12 @@
> (make-directory tempdir))
> ;; let's try again.
> (file-already-exists t)))
> - (set-file-modes tempdir 448)
> ;; Second, create a temporary file in the tempdir.
> ;; There *is* a race condition between `make-temp-name'
> ;; and `write-region', but we don't care it since we are
> ;; in a private directory now.
> (setq tempfile (make-temp-name (concat tempdir "/EMU")))
> (write-region "" nil tempfile nil 'silent)
> - (set-file-modes tempfile 384)
> ;; Finally, make a hard-link from the tempfile.
> (while (condition-case ()
> (progn
> @@ -1986,6 +1986,7 @@
> ;; let's try again.
> (file-already-exists t)))
> file)
> + (set-default-file-modes orig-modes)
> ;; Cleanup the tempfile.
> (and tempfile
> (file-exists-p tempfile)
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#10403; Package
emacs.
(Sat, 07 Jan 2012 18:20:01 GMT)
Full text and
rfc822 format available.
Message #11 received at 10403 <at> debbugs.gnu.org (full text, mbox):
> Could you review the patch posted by Paul? Thanks.
> Paul Eggert <eggert <at> cs.ucla.edu> writes:
BTW, why copy the code from poe.el rather than from Emacs itself?
Also, why use `eval-and-compile' since the function is not used
during compilation?
I think what you wanted to do instead is
(defalias (if (fboundp 'make-temp-file) 'make-temp-file
(lambda (...) ...the copied fallback code...)))
-- Stefan
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#10403; Package
emacs.
(Tue, 10 Jan 2012 02:04:02 GMT)
Full text and
rfc822 format available.
Message #14 received at 10403 <at> debbugs.gnu.org (full text, mbox):
Chong Yidong <cyd <at> gnu.org> writes:
> Could you review the patch posted by Paul? Thanks.
Thanks. It looks good to me.
I don't quite remember the intent of that permission logic though...
For the record, the original code is:
http://cvs.m17n.org/viewcvs/root/apel/poe.el?revision=1.90&view=markup
(the copyright has been assigned to FSF just in case)
Regards,
--
Daiki Ueno
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#10403; Package
emacs.
(Tue, 10 Jan 2012 02:59:01 GMT)
Full text and
rfc822 format available.
Message #17 received at 10403 <at> debbugs.gnu.org (full text, mbox):
Stefan Monnier <monnier <at> iro.umontreal.ca> writes:
>> Could you review the patch posted by Paul? Thanks.
>> Paul Eggert <eggert <at> cs.ucla.edu> writes:
>
> BTW, why copy the code from poe.el rather than from Emacs itself?
Maybe because poe.el's code seems to provide better compatibility with
ancient Emacs and XEmacs. For example, in the Emacs definition of
make-temp-file, I see MUSTBENEW arg of write-region is used, which is
missing in XEmacs 21.4.
> Also, why use `eval-and-compile' since the function is not used
> during compilation?
Right. I think we could get rid of such a eval-and-compile from several
places.
Regards,
--
Daiki Ueno
Information forwarded
to
bug-gnu-emacs <at> gnu.org:
bug#10403; Package
emacs.
(Sat, 14 Jan 2012 07:11:01 GMT)
Full text and
rfc822 format available.
Message #20 received at 10403 <at> debbugs.gnu.org (full text, mbox):
Daiki Ueno <ueno <at> unixuser.org> writes:
> Chong Yidong <cyd <at> gnu.org> writes:
>
>> Could you review the patch posted by Paul? Thanks.
>
> Thanks. It looks good to me.
> I don't quite remember the intent of that permission logic though...
Thanks, committed. Closing the bug.
bug marked as fixed in version 24.1, send any further explanations to
10403 <at> debbugs.gnu.org and Paul Eggert <eggert <at> cs.ucla.edu>
Request was from
Chong Yidong <cyd <at> gnu.org>
to
control <at> debbugs.gnu.org.
(Sat, 14 Jan 2012 07:12:02 GMT)
Full text and
rfc822 format available.
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Sat, 11 Feb 2012 12:24:02 GMT)
Full text and
rfc822 format available.
This bug report was last modified 12 years and 103 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.