pearce@oddjob.UChicago.EDU (Eric C. Pearce) (01/25/89)
Emacs 18.52 (running under Sun OS 3.5) sets the mode of the autosave files to the value derived from umask upon entry to emacs. Thus, if you are editing a file which is non publically readable, and your umask is set to a typical Unix value, your file, say "foo", is visible to everyone in the form of its autosave file #foo#. I would call this a bug and a security problem. Backfiles automatically receive the same mode as the original file. Autosave files should too. Does anyone know how this problem can be fixed?
Ram-Ashwin@cs.yale.edu (Ashwin Ram) (01/26/89)
In article <15179@oddjob.UChicago.EDU>, pearce@oddjob.UChicago.EDU (Eric C. Pearce) writes: > Emacs 18.52 (running under Sun OS 3.5) sets the mode of the autosave > files to the value derived from umask upon entry to emacs. Thus, if > you are editing a file which is non publically readable, and your > umask is set to a typical Unix value, your file, say "foo", is visible > to everyone in the form of its autosave file #foo#. > > I would call this a bug and a security problem. Backfiles > automatically receive the same mode as the original file. Autosave > files should too. I agree. I use (setq backup-by-copying t) to force Emacs to preserve the mode (ACLs on the Apollos) and date/time on the file, but this is a workaround at best. If backup-by-copying is nil, Emacs renames the original file to make the backup, but the new file that is created in its place gets a new mode derived afresh from the umask (at least in 18.48 on the Apollos) rather than the mode it had previously. This is another problem along the lines you mentioned. -- Ashwin.