bug#29182: CVE-2017-1000383: umask and backup files

bug-gnu-emacs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#29182: CVE-2017-1000383: umask and backup files

From:	Glenn Morris
Subject:	bug#29182: CVE-2017-1000383: umask and backup files
Date:	Mon, 06 Nov 2017 16:56:18 -0500
User-agent:	Gnus (www.gnus.org), GNU Emacs (www.gnu.org/software/emacs/)

Package: emacs
Version: 25.3
Tags: security

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000383

  GNU Emacs version 25.3.1 (and other versions most likely) ignores umask
  when creating a backup save file ("[ORIGINAL_FILENAME]~") resulting in
  files that may be world readable or otherwise accessible in ways not
  intended by the user running the emacs binary.

[I'm not sure why this apparently hasn't been reported here before now?]

[Prev in Thread]

Current Thread

[Next in Thread]

bug#29182: CVE-2017-1000383: umask and backup files, Glenn Morris <=
- bug#29182: CVE-2017-1000383: umask and backup files, Glenn Morris, 2017/11/06
  - bug#29182: CVE-2017-1000383: umask and backup files, Glenn Morris, 2017/11/07
    - bug#29182: CVE-2017-1000383: umask and backup files, Glenn Morris, 2017/11/13
    - bug#29182: CVE-2017-1000383: umask and backup files, Eli Zaretskii, 2017/11/14

Prev by Date: bug#29150: Fwd: 26.0.90; Input decoding is sometimes skipped in TTY (xterm-mouse-mode)
Next by Date: bug#20489: 25.0.50; next-error-find-buffer chooses non-current buffer without good reason
Previous by thread: bug#29180: 27.0.50; Bootstrapping on MINGW64 fails with "dumped_data_commit: memory exhausted"
Next by thread: bug#29182: CVE-2017-1000383: umask and backup files
Index(es):
- Date
- Thread