master 734eb7e: Fix some file-modes races

[Paul Eggert]

branch: master
commit 734eb7e457da8a9b2c91798d591c03285c6967ce
Author: Paul Eggert <address@hidden>
Commit: Paul Eggert <address@hidden>

    Fix some file-modes races
    
    * lisp/gnus/gnus-start.el (gnus-save-newsrc-file)
    (gnus-slave-save-newsrc):
    * lisp/gnus/gnus-uu.el (gnus-uu-initialize):
    * lisp/gnus/mm-archive.el (mm-dissect-archive):
    * lisp/gnus/mm-decode.el (mm-temp-files-delete)
    (mm-display-external):
    * lisp/image-dired.el (image-dired-create-thumb-1):
    Use with-file-modes rather than setting the file modes later.
    This fixes some race conditions where the file temporarily
    has the wrong permissions.
---
 lisp/gnus/gnus-start.el | 22 ++++++++++------------
 lisp/gnus/gnus-uu.el    |  4 ++--
 lisp/gnus/mm-archive.el |  5 +++--
 lisp/gnus/mm-decode.el  | 18 +++++++++---------
 lisp/image-dired.el     |  4 ++--
 5 files changed, 26 insertions(+), 27 deletions(-)

diff --git a/lisp/gnus/gnus-start.el b/lisp/gnus/gnus-start.el
index 1fd2575..873923e 100644
--- a/lisp/gnus/gnus-start.el
+++ b/lisp/gnus/gnus-start.el
@@ -2812,7 +2812,7 @@ values from `gnus-newsrc-hashtb', and write a new value of
                               (file-exists-p working-file)))
 
                (unwind-protect
-                    (progn
+                   (with-file-modes (file-modes startup-file)
                       (gnus-with-output-to-file working-file
                        (gnus-gnus-to-quick-newsrc-format)
                        (gnus-run-hooks 'gnus-save-quick-newsrc-hook))
@@ -2822,14 +2822,12 @@ values from `gnus-newsrc-hashtb', and write a new value 
of
                       ;; file.
                       (let ((buffer-backed-up nil)
                             (buffer-file-name startup-file)
-                            (file-precious-flag t)
-                            (setmodes (file-modes startup-file)))
+                           (file-precious-flag t))
                        ;; Backup the current version of the startup file.
                        (backup-buffer)
 
                        ;; Replace the existing startup file with the temp file.
                        (rename-file working-file startup-file t)
-                       (gnus-set-file-modes startup-file setmodes)
                        (setq gnus-save-newsrc-file-last-timestamp
                              (file-attribute-modification-time
                               (file-attributes startup-file)))))
@@ -3004,14 +3002,14 @@ SPECIFIC-VARIABLES, or those in `gnus-variable-list'."
 
 (defun gnus-slave-save-newsrc ()
   (with-current-buffer gnus-dribble-buffer
-    (let ((slave-name
-          (make-temp-file (concat gnus-current-startup-file "-slave-")))
-         (modes (ignore-errors
-                  (file-modes (concat gnus-current-startup-file ".eld")))))
-      (let ((coding-system-for-write gnus-ding-file-coding-system))
-       (gnus-write-buffer slave-name))
-      (when modes
-       (gnus-set-file-modes slave-name modes)))))
+    (with-file-modes (or (ignore-errors
+                          (file-modes
+                           (concat gnus-current-startup-file ".eld")))
+                        (default-file-modes))
+      (let ((slave-name
+            (make-temp-file (concat gnus-current-startup-file "-slave-"))))
+       (let ((coding-system-for-write gnus-ding-file-coding-system))
+         (gnus-write-buffer slave-name))))))
 
 (defun gnus-master-read-slave-newsrc ()
   (let ((slave-files
diff --git a/lisp/gnus/gnus-uu.el b/lisp/gnus/gnus-uu.el
index d40ba9c..4037221 100644
--- a/lisp/gnus/gnus-uu.el
+++ b/lisp/gnus/gnus-uu.el
@@ -1781,8 +1781,8 @@ Gnus might fail to display all of it.")
                 gnus-uu-tmp-dir)))
 
       (setq gnus-uu-work-dir
-           (make-temp-file (concat gnus-uu-tmp-dir "gnus") 'dir))
-      (gnus-set-file-modes gnus-uu-work-dir 448)
+           (with-file-modes #o700
+             (make-temp-file (concat gnus-uu-tmp-dir "gnus") 'dir)))
       (setq gnus-uu-work-dir (file-name-as-directory gnus-uu-work-dir))
       (push (cons gnus-newsgroup-name gnus-uu-work-dir)
            gnus-uu-tmp-alist))))
diff --git a/lisp/gnus/mm-archive.el b/lisp/gnus/mm-archive.el
index 71676c1..56253af 100644
--- a/lisp/gnus/mm-archive.el
+++ b/lisp/gnus/mm-archive.el
@@ -42,8 +42,9 @@
         dir)
     (unless decoder
       (error "No decoder found for %s" type))
-    (setq dir (make-temp-file (expand-file-name "emm." mm-tmp-directory) 'dir))
-    (set-file-modes dir #o700)
+    (with-file-modes #o700
+      (setq dir (make-temp-file (expand-file-name "emm." mm-tmp-directory)
+                               'dir)))
     (unwind-protect
        (progn
          (mm-with-unibyte-buffer
diff --git a/lisp/gnus/mm-decode.el b/lisp/gnus/mm-decode.el
index d33bb56..2dab278 100644
--- a/lisp/gnus/mm-decode.el
+++ b/lisp/gnus/mm-decode.el
@@ -602,11 +602,10 @@ files left at the next time."
        (push temp fails)))
     (if fails
        ;; Schedule the deletion of the files left at the next time.
-       (progn
+       (with-file-modes #o600
          (write-region (concat (mapconcat 'identity (nreverse fails) "\n")
                                "\n")
-                       nil cache-file nil 'silent)
-         (set-file-modes cache-file #o600))
+                       nil cache-file nil 'silent))
       (when (file-exists-p cache-file)
        (ignore-errors (delete-file cache-file))))
     (setq mm-temp-files-to-be-deleted nil)))
@@ -911,8 +910,10 @@ external if displayed external."
        ;; The function is a string to be executed.
        (mm-insert-part handle)
        (mm-add-meta-html-tag handle)
-       (let* ((dir (make-temp-file
-                    (expand-file-name "emm." mm-tmp-directory) 'dir))
+       ;; We create a private sub-directory where we store our files.
+       (let* ((dir (with-file-modes #o700
+                     (make-temp-file
+                      (expand-file-name "emm." mm-tmp-directory) 'dir)))
               (filename (or
                          (mail-content-type-get
                           (mm-handle-disposition handle) 'filename)
@@ -924,8 +925,6 @@ external if displayed external."
                              (assoc "needsterminal" mime-info)))
               (copiousoutput (assoc "copiousoutput" mime-info))
               file buffer)
-         ;; We create a private sub-directory where we store our files.
-         (set-file-modes dir #o700)
          (if filename
              (setq file (expand-file-name
                          (gnus-map-function mm-file-name-rewrite-functions
@@ -941,8 +940,9 @@ external if displayed external."
                ;; `mailcap-mime-extensions'.
                (setq suffix (car (rassoc (mm-handle-media-type handle)
                                          mailcap-mime-extensions))))
-             (setq file (make-temp-file (expand-file-name "mm." dir)
-                                        nil suffix))))
+             (setq file (with-file-modes #o600
+                          (make-temp-file (expand-file-name "mm." dir)
+                                          nil suffix)))))
          (let ((coding-system-for-write mm-binary-coding-system))
            (write-region (point-min) (point-max) file nil 'nomesg))
          ;; The file is deleted after the viewer exists.  If the users edits
diff --git a/lisp/image-dired.el b/lisp/image-dired.el
index 768e941..1cc38ba 100644
--- a/lisp/image-dired.el
+++ b/lisp/image-dired.el
@@ -771,8 +771,8 @@ Increase at own risk.")
          process)
     (when (not (file-exists-p thumbnail-dir))
       (message "Creating thumbnail directory")
-      (make-directory thumbnail-dir t)
-      (set-file-modes thumbnail-dir #o700))
+      (with-file-modes #o700
+       (make-directory thumbnail-dir t)))
 
     ;; Thumbnail file creation processes begin here and are marshaled
     ;; in a queue by `image-dired-create-thumb'.