GNU bug report logs - #39563
default location of backup files

Please note: This is a static page, with minimal formatting, updated once a day.

Package: emacs; Reported by: Pedro Moreira <pedro.moreira@HIDDEN>; dated Tue, 11 Feb 2020 14:42:04 UTC; Maintainer for emacs is bug-gnu-emacs@HIDDEN.
Changed bug title to 'default location of backup files' from 'temp files' Request was from Glenn Morris <rgm@HIDDEN> to control <at> debbugs.gnu.org. Full text available.

Message received at 39563 <at> debbugs.gnu.org:
In-Reply-To: <eb9fe5a7-cb4b-1433-3b04-3992edad717a@HIDDEN>
From: Corwin Brust <corwin@HIDDEN>
Date: Tue, 11 Feb 2020 10:51:40 -0600
Message-ID: <CAJf-WoSEdUBe9EdW6YcWa_fH4SnOSt7FA9aOuikD5jJhPP5A3Q@HIDDEN>
Subject: Re: bug#39563: temp files
To: Pedro Moreira <pedro.moreira@HIDDEN>
Cc: 39563 <at> debbugs.gnu.org

Greetings!

On Tue, Feb 11, 2020, 08:43 Pedro Moreira <pedro.moreira@HIDDEN> wrote:

> Hello!
>
> If a user edits a PHP file using Emacs directly on the webserver, Emacs
> automatically saves a temp file at the same location; for example, when the
> user opens index.php, Emacs stores a copy as index.php~.
>
> Therefore the code in that file is exposed.
>

Editing files directly under the server root while the server is running is
a bit risky to start with.  If you can use any sort of CI, that will
generally pay dividends in terms of "an ounce of prevention".

>
> I know this could be resolved with webserver configuration.


Whether or not any of the Emacs config changes I mention in the rest of the
message seem useful, for Apache httpd 2 I definitely recommend something
like:

# keep backup files out of directory listings
IndexIgnore *~
# and refuse to serve them at all (Apache 2.2 access-control syntax)
<Files "*~">
    Order allow,deny
    Deny from all
</Files>


For myself, I would focus on the Emacs side of the equation, considering
first whether I want backups in these situations, where they should be, and
so forth.

https://www.gnu.org/software/emacs/manual/html_node/elisp/Making-Backups.html

Unless you/users happen to be accessing via remote Emacs sessions, in which
case maybe you prefer something like:

(add-to-list 'backup-directory-alist
             (cons tramp-file-name-regexp nil))

Or look at:

enable-remote-dir-locals, which could be used to set a backup-disabling (or
storage plan) config like the above in a .dirs-local file kept on the server.
This setting would have to be configured on a given Emacs that is remotely
accessing your web server for the dirs-local file to be honored when using
tramp to edit server files in place via remote Emacs.

> But it is a
> problem I just discovered and it leaves me very uncomfortable using Emacs.
>

Point taken.  I note this is called out in the documentation for tramp,
although the example given is exposing ssh config info, not raw delivery of
server-side source.

I can see an argument that the defaults, which enable backup on save by
renaming the original after appending a ~, could benefit from some
defensive special-case behaviour. For example, when tramp picks up autosave
defaults, it could potentially use some of the special casing for su and so
forth floating around EmacsWiki without taking away configured
functionality.  Some, at least, probably won't prefer this as a default.

That said, special casing that would respect a path under an httpd2
document root or what-have-you seems like it should be the domain of a
dedicated program that knows a bit about web server products and can
supply good defaults or otherwise use the server's config to DWIM.

> Maybe it would be better for the temp file to be stored as index~.php or
> index.bck.php.
>

Options to set this up exist also, although I haven't set up anything like
this so far.  This is what I would look at, except that, as it happens, I
use an Apache rule similar to the above because I *do* want in-place
backups any time I find myself hot-patching under a doc root, but I don't
want them shown when I allow directory indexing.

(I currently allow access to the file if you know the name, which I
probably should not. In my setup, if you can figure out the name of the
script that handles /foo/bar, you can probably read the HEAD-1 version of
the source by hitting the backup file directly.)


> Thanks
>

Is any of this helpful?

>

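As an added example (not part of this bug thread, nor Emacs or Apache code), a small Python audit for the exposure discussed above: it classifies filenames by Emacs's naming conventions, walks a document root for stray artifacts, and scans combined-format access-log lines for requests that fetched one, so an operator can tell whether a backup was already served. It goes beyond the thread's single `name~` case by also covering numbered backups (`name.~N~`), auto-save files (`#name#`) and lock files (`.#name`); the log lines and the throwaway document root are constructed for the example.

```python
"""Audit a web document root for Emacs-generated files and check whether any
were served.  Added example for bug#39563, not code from the thread.
Emacs conventions covered (the thread only discusses `name~`):
  name~  simple backup   name.~N~  numbered backup   #name#  auto-save   .#name  lock file
"""
import re
import tempfile
from pathlib import Path
from typing import Iterable, Iterator, List, Optional, Tuple
from urllib.parse import unquote

_NUMBERED = re.compile(r"\.~\d+~$")  # index.php.~3~ (checked before the plain ~ rule)
_BACKUP = re.compile(r"~$")          # index.php~
_AUTOSAVE = re.compile(r"^#.+#$")    # #index.php#
_LOCKFILE = re.compile(r"^\.#.+$")   # .#index.php
Hit = Tuple[str, str, str, int]      # (client ip, decoded path, kind, http status)

def classify_artifact(name: str) -> Optional[str]:
    """Return which kind of Emacs artifact the bare filename `name` is, or None."""
    if _NUMBERED.search(name):
        return "numbered-backup"
    if _BACKUP.search(name):
        return "backup"
    if _AUTOSAVE.match(name):
        return "autosave"
    if _LOCKFILE.match(name):
        return "lockfile"
    return None

def find_artifacts(docroot: Path) -> List[Tuple[str, str]]:
    """Walk `docroot`; return (relative posix path, kind) for every artifact on disk."""
    hits = []
    for p in docroot.rglob("*"):
        kind = classify_artifact(p.name)
        if kind:
            hits.append((p.relative_to(docroot).as_posix(), kind))
    return sorted(hits)

# Combined log format, just enough of it to recover client, request target and status.
_LOG = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')

def scan_access_log(lines: Iterable[str]) -> Iterator[Hit]:
    """Yield a Hit for each request whose target names an Emacs artifact.
    The target is percent-decoded first so `index.php%7E` is caught like `index.php~`;
    the query string is ignored and malformed lines are skipped, not fatal."""
    for line in lines:
        m = _LOG.match(line)
        if not m:
            continue
        path = unquote(m["target"].split("?", 1)[0])
        kind = classify_artifact(path.rsplit("/", 1)[-1])
        if kind:
            yield (m["ip"], path, kind, int(m["status"]))

def confirmed_leaks(lines: Iterable[str]) -> List[Hit]:
    """Hits answered with 200: the backup's contents actually left the server.
    A 403/404 means a Files/IndexIgnore style rule (or a missing file) stopped it."""
    return [h for h in scan_access_log(lines) if h[3] == 200]

def demo_docroot_scan() -> List[Tuple[str, str]]:
    """Build a throwaway docroot shaped like the bug report and scan it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "index.php").write_text("<?php echo 'live'; ?>\n")
        (root / "index.php~").write_text("<?php echo 'previous revision'; ?>\n")
        (root / "inc").mkdir()
        (root / "inc" / "#db.php#").write_text("")
        (root / "inc" / "db.php.~2~").write_text("")
        return find_artifacts(root)

# Constructed sample log lines (TEST-NET addresses), not taken from any real server.
SAMPLE_LOG = """\
203.0.113.5 - - [11/Feb/2020:14:42:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [11/Feb/2020:14:42:03 +0000] "GET /index.php~ HTTP/1.1" 200 4980 "-" "Mozilla/5.0"
203.0.113.5 - - [11/Feb/2020:14:42:04 +0000] "GET /admin/config.php%7E HTTP/1.1" 403 199 "-" "curl/7.68.0"
198.51.100.7 - - [11/Feb/2020:14:43:10 +0000] "GET /lib/db.php.~2~?x=1 HTTP/1.1" 404 196 "-" "curl/7.68.0"
198.51.100.7 - - [11/Feb/2020:14:43:11 +0000] "GET /%23index.php%23 HTTP/1.1" 200 300 "-" "curl/7.68.0"
""".splitlines()

if __name__ == "__main__":
    for rel, kind in demo_docroot_scan():
        print(f"on disk: {rel:<18} {kind}")
    for ip, path, kind, status in scan_access_log(SAMPLE_LOG):
        print(f"in log : {ip:<13} {path:<22} {kind:<16} {status} {'LEAKED' if status == 200 else 'blocked'}")
```

Note that Pedro's proposed `index~.php` naming would not be flagged by `classify_artifact`, which follows what Emacs actually writes; any rule on the web server side has the same problem if the editor's naming changes.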


Information forwarded to bug-gnu-emacs@HIDDEN:
bug#39563; Package emacs. Full text available.

Message received at 39563 <at> debbugs.gnu.org:

Subject: Re: bug#39563: temp files
To: Pedro Moreira <pedro.moreira@HIDDEN>, 39563 <at> debbugs.gnu.org
From: Dmitry Gutov <dgutov@HIDDEN>
Message-ID: <1bb04a39-4869-3ee7-2ac9-a73126f1499b@HIDDEN>
Date: Tue, 11 Feb 2020 17:15:10 +0200
In-Reply-To: <eb9fe5a7-cb4b-1433-3b04-3992edad717a@HIDDEN>

On 11.02.2020 13:32, Pedro Moreira wrote:
> Therefore the code in that file is exposed. If an attacker tries to
> access files like https://domain.com/index.php~, the server won't
> interpret that file as PHP and presents it as plain text, exposing the
> source code.

Would it be better for the server to interpret it as PHP code and allow 
an arbitrary visitor to run whatever intermediary version of your code 
that's in the backup?




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#39563; Package emacs. Full text available.

Message received at 39563 <at> debbugs.gnu.org:
From: Andreas Schwab <schwab@HIDDEN>
To: Pedro Moreira <pedro.moreira@HIDDEN>
Subject: Re: bug#39563: temp files
Date: Tue, 11 Feb 2020 16:08:02 +0100
In-Reply-To: <eb9fe5a7-cb4b-1433-3b04-3992edad717a@HIDDEN> (Pedro Moreira's
 message of "Tue, 11 Feb 2020 11:32:56 +0000")
Message-ID: <mvmr1z1cgbx.fsf@HIDDEN>
Cc: 39563 <at> debbugs.gnu.org

On Feb 11 2020, Pedro Moreira wrote:

> If a user edits a PHP file using Emacs directly on the webserver

Surely you shouldn't be doing that with any editor.

Andreas.

-- 
Andreas Schwab, SUSE Labs, schwab@HIDDEN
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE  1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#39563; Package emacs. Full text available.

Message received at submit <at> debbugs.gnu.org:
To: bug-gnu-emacs@HIDDEN
From: Pedro Moreira <pedro.moreira@HIDDEN>
Subject: temp files
Message-ID: <eb9fe5a7-cb4b-1433-3b04-3992edad717a@HIDDEN>
Date: Tue, 11 Feb 2020 11:32:56 +0000

Hello!

If a user edits a PHP file using Emacs directly on the webserver, Emacs
automatically saves a temp file at the same location; for example, when the
user opens index.php, Emacs stores a copy as index.php~.

Therefore the code in that file is exposed. If an attacker tries to
access files like https://domain.com/index.php~, the server won't
interpret that file as PHP and presents it as plain text, exposing the
source code.

I know this could be resolved with webserver configuration. But it is a
problem I just discovered and it leaves me very uncomfortable using Emacs.

Maybe it would be better for the temp file to be stored as index~.php or
index.bck.php.

Thanks





Acknowledgement sent to Pedro Moreira <pedro.moreira@HIDDEN>:
New bug report received and forwarded. Copy sent to bug-gnu-emacs@HIDDEN. Full text available.
Report forwarded to bug-gnu-emacs@HIDDEN:
bug#39563; Package emacs. Full text available.
Last modified: Mon, 17 Feb 2020 03:30:02 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.