bug-gnu-emacs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#865: 23.0.60; The directory is unsafe today


From: Noam Postavsky
Subject: bug#865: 23.0.60; The directory is unsafe today
Date: Sun, 24 Sep 2017 17:25:37 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.0.60 (gnu/linux)

"Lennart Borgman (gmail)" <address@hidden> writes:

> server-ensure-safe-dir complained today during server-start. Examining
> the values in server-ensure-safe-dir I found the following:

I don't know how to solve this bug, but I recently handled a similar bug
report from a macOS user[1] (still open, it's intermittent so very slow
to track down) and I found the error message rather unhelpful.  I'll
push the following to emacs-26 in a few days if there are no objections.

>From b8e526e3861e64115f1458b2e53c2c0a838eb25d Mon Sep 17 00:00:00 2001
From: Noam Postavsky <address@hidden>
Date: Sun, 27 Aug 2017 23:09:32 -0400
Subject: [PATCH] Make "unsafe directory" error message more informative
 (Bug#865)

* lisp/server.el (server-ensure-safe-dir): Produce a description for
each "unsafe" condition.
---
 lisp/server.el | 47 ++++++++++++++++++++++++++---------------------
 1 file changed, 26 insertions(+), 21 deletions(-)

diff --git a/lisp/server.el b/lisp/server.el
index 8aafa1c257..33800a9868 100644
--- a/lisp/server.el
+++ b/lisp/server.el
@@ -525,30 +525,35 @@ server-ensure-safe-dir
     ;; Check that it's safe for use.
     (let* ((uid (nth 2 attrs))
           (w32 (eq system-type 'windows-nt))
-          (safe (cond
-                 ((not (eq t (car attrs))) nil)  ; is a dir?
-                 ((and w32 (zerop uid))          ; on FAT32?
-                  (display-warning
-                   'server
-                   (format-message "\
+           (unsafe (cond
+                    ((not (eq t (car attrs)))
+                     (format "it is a %s" (if (stringp (car attrs))
+                                              "symlink" "file")))
+                    ((and w32 (zerop uid)) ; on FAT32?
+                     (display-warning
+                      'server
+                      (format-message "\
 Using `%s' to store Emacs-server authentication files.
 Directories on FAT32 filesystems are NOT secure against tampering.
 See variable `server-auth-dir' for details."
-                           (file-name-as-directory dir))
-                   :warning)
-                  t)
-                 ((and (/= uid (user-uid))       ; is the dir ours?
-                       (or (not w32)
-                           ;; Files created on Windows by Administrator
-                           ;; (RID=500) have the Administrators (RID=544)
-                           ;; group recorded as the owner.
-                           (/= uid 544) (/= (user-uid) 500)))
-                  nil)
-                 (w32 t)                         ; on NTFS?
-                 (t                              ; else, check permissions
-                  (zerop (logand ?\077 (file-modes dir)))))))
-      (unless safe
-       (error "The directory `%s' is unsafe" dir)))))
+                                      (file-name-as-directory dir))
+                      :warning)
+                     nil)
+                    ((and (/= uid (user-uid)) ; is the dir ours?
+                          (or (not w32)
+                              ;; Files created on Windows by Administrator
+                              ;; (RID=500) have the Administrators (RID=544)
+                              ;; group recorded as the owner.
+                              (/= uid 544) (/= (user-uid) 500)))
+                     (format "it is not owned by you (owner = %s (%d))"
+                             (user-full-name (user-uid)) (user-uid)))
+                    (w32 nil)           ; on NTFS?
+                    ((/= 0 (logand ?\077 (file-modes dir)))
+                     (format "it is accessible by others (%03o)"
+                             (file-modes dir)))
+                    (t nil))))
+      (when unsafe
+        (error "`%s' is not a safe directory because %s" dir unsafe)))))
 
 (defun server-generate-key ()
   "Generate and return a random authentication key.
-- 
2.11.0

[1]: https://github.com/magit/magit/issues/3148

reply via email to

[Prev in Thread] Current Thread [Next in Thread]