[comp.emacs] Mode of autosave files

pearce@oddjob.UChicago.EDU (Eric C. Pearce) (01/25/89)

Emacs 18.52 (running under Sun OS 3.5) sets the mode of the autosave
files to the value derived from umask upon entry to emacs.  Thus, if
you are editing a file which is non publically readable, and your
umask is set to a typical Unix value, your file, say "foo", is visible
to everyone in the form of its autosave file #foo#.

I would call this a bug and a security problem.  Backfiles
automatically receive the same mode as the original file.  Autosave
files should too.

Does anyone know how this problem can be fixed?

Ram-Ashwin@cs.yale.edu (Ashwin Ram) (01/26/89)

In article <15179@oddjob.UChicago.EDU>, pearce@oddjob.UChicago.EDU (Eric C. Pearce) writes:
> Emacs 18.52 (running under Sun OS 3.5) sets the mode of the autosave
> files to the value derived from umask upon entry to emacs.  Thus, if
> you are editing a file which is non publically readable, and your
> umask is set to a typical Unix value, your file, say "foo", is visible
> to everyone in the form of its autosave file #foo#.
> 
> I would call this a bug and a security problem.  Backfiles
> automatically receive the same mode as the original file.  Autosave
> files should too.

I agree.  I use (setq backup-by-copying t) to force Emacs to preserve the
mode (ACLs on the Apollos) and date/time on the file, but this is a
workaround at best.  If backup-by-copying is nil, Emacs renames the original
file to make the backup, but the new file that is created in its place gets a
new mode derived afresh from the umask (at least in 18.48 on the Apollos)
rather than the mode it had previously.  This is another problem along the
lines you mentioned.

-- Ashwin.