[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#3712: 23.1.50; SECURITY: Tramp creates -rwxrwxrwx permission files w
From: |
Teemu Likonen |
Subject: |
bug#3712: 23.1.50; SECURITY: Tramp creates -rwxrwxrwx permission files with /su and /sudo method |
Date: |
Mon, 29 Jun 2009 18:16:30 +0300 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/23.1.50 (gnu/linux) |
When method /su: or /sudo: is used to _create_ a file the file's
permission will be set to -rwxrwxrwx (777), that is, allow everything
for everyone. Obviously this is serious security bug. Steps to
reproduce:
1. Start Emacs as a normal user:
emacs -Q
2. Create a file in a directory to which the user who launched this
Emacs session doesn't have write access.
C-x C-f /su::/root/test.txt
3. Write some content to the file and save it with "C-x C-s".
4. Check file's permissions. It has 777 permission bits:
$ ls -l /root/test.txt
-rwxrwxrwx 1 root root 5 2009-06-29 17:58 /root/test.txt
For some reason, if I create similar file to the same user's home
directory who launched this Emacs session (/su::$HOME/test.txt) then it
gets 644 permissions (probably honoring umask settings).
In GNU Emacs 23.1.50.4 (i686-pc-linux-gnu, GTK+ Version 2.12.12)
of 2009-06-29 on mithlond
Windowing system distributor `The X.Org Foundation', version 11.0.10402000
configured using `configure '--prefix=/home/dtw/local''
- bug#3712: 23.1.50; SECURITY: Tramp creates -rwxrwxrwx permission files with /su and /sudo method,
Teemu Likonen <=
- bug#3712: 23.1.50; SECURITY: Tramp creates -rwxrwxrwx permission files with /su and /sudo method, Teemu Likonen, 2009/06/29
- bug#3712: 23.1.50; SECURITY: Tramp creates -rwxrwxrwx permission files with /su and /sudo method, Michael Albinus, 2009/06/29
- bug#3712: 23.1.50; SECURITY: Tramp creates -rwxrwxrwx permission files with /su and /sudo method, Teemu Likonen, 2009/06/29
- Message not available
- bug#3712: 23.1.50; SECURITY: Tramp creates -rwxrwxrwx permission files with /su and /sudo method, Teemu Likonen, 2009/06/29
- bug#3712: 23.1.50; SECURITY: Tramp creates -rwxrwxrwx permission files with /su and /sudo method, Michael Albinus, 2009/06/30
- bug#3712: 23.1.50; SECURITY: Tramp creates -rwxrwxrwx permission files with /su and /sudo method, Teemu Likonen, 2009/06/30
- bug#3712: 23.1.50; SECURITY: Tramp creates -rwxrwxrwx permission files with /su and /sudo method, Michael Albinus, 2009/06/30
bug#3712: marked as done (23.1.50; SECURITY: Tramp creates -rwxrwxrwx permission files with /su and /sudo method), Emacs bug Tracking System, 2009/06/30