[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [h-e-w] c:/.emacs.d/server' is unsafe

From: Eli Zaretskii
Subject: Re: [h-e-w] c:/.emacs.d/server' is unsafe
Date: Fri, 11 Mar 2011 20:39:46 +0200

> From: Ben Key <address@hidden>
> Date: Fri, 11 Mar 2011 10:42:25 -0600
> My guess is that the reason it did not work is that Gamoto was attempting to
> use a directory other than "C:\Documents and
> Settings\Administrator\Application Data" as his home directory.

As you saw in the meantime, that is not the case.  It was a simple
cockpit error.  Files and directories owned by Administrator can live
in any directory on the disk,not just under "Application Data".

> Windows uses special security settings for the Application Data
> directory that are intended to ensure only the user the Application
> Data directory is for has access to it

Well, that's not really accurate (e.g., I can easily access that
directory of Administrator on my system, although I'm not
Administrator).  That's because Windows allows access to files and
directories not only according to the rights explicitly stored with
the file's security information, but also via implicit access rights
due to user's being part of certain user groups.  For example, all
members of the "Users" group can access all the files of any other
member of "Users", even though that user's name is not recorded in the
ACLs of the file with any kind of access rights.

But that is another theme for another rainy day.  It isn't really
relevant to the issue at hand.  I mentioned it to make a point: that
on Windows, creating a directory that is accessible only by a single
user is a highly non-trivial task.

> If I set HOME to "c:\" and start Emacs, and then call server-start,
> the server directory is created in "c:\.emacs.d\server" and I get
> the server unsafe message.

I got tired of answering questions about this warning, so I modified
server.el in the repository a few hours ago to consider this situation
(whereby the user is Administrator whereas the directory owner is
Administrators) as safe.  I hope this will finally put this issue to

Btw, there are quite a few places in Emacs Lisp sources where the
user's UID is compared to zero, the assumption being that a UID of
zero means the super-user.  This is incorrect on Windows, where the
corresponding UID is 500 (while zero is a UID of Everybody, a user who
has no rights at all).  Perhaps someone would want to write a function
root-uid-p, say, that will DTRT both on Posix and Windows, and then
fix all those places?

reply via email to

[Prev in Thread] Current Thread [Next in Thread]