peter@hp-pcd.UUCP (01/30/84)
According to Berkeley documentation, HIER(7), /usr/preserve is the directory
where editor temporaries are preserved after crashes or hangups. As
distributed on 4.1, it comes with "drwxr-xr-x root" permissions. A question
has come up if this shouldn't really be writable to everyone.
The directory certainly looks harmless enough. Does anyone know of a reason
why it shouldn't be opened up for all accesses? Are there any security holes
created by doing so? Alternatively, should it work as it stands? We have been
having some problems with EMACS after stopping and resuming that point to
this directory.
Thanks for any information,
Peter Robinson
Hewlett-Packard PCD
Corvallis, OR
{ucbvax!hplabs,harpo,ogcvax}!hp-pcd!peterLepreau@UTAH-20.ARPA (02/02/84)
From: Jay Lepreau <Lepreau@UTAH-20.ARPA>
I looked into this awhile ago, and it appeared to me that as ex.recover
and preserve are written, making /usr/preserve 777 would open up a hole.
Those programs should work, at least in 4.2, with it 755 (they are
setuid). Have CCA emacs put its files somewhere else, say /usr/tmp.
No guarantees above is correct, I only took a quick look.
{hplabs,harpo}!utah-cs!lepreau
-------