Xref: utzoo comp.emacs:10750 alt.security:2602 Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!think.com!zaphod.mps.ohio-state.edu!cis.ohio-state.edu!pacific.mps.ohio-state.edu!linac!att!cbfsb!danj1 From: Dan_Jacobson@ATT.COM Newsgroups: comp.emacs,alt.security Subject: Re: Emacs Auto-Save Security Message-ID: <1991May22.011248.13542@cbfsb.att.com> Date: 22 May 91 01:12:48 GMT References: <11564.9105201105@seq.hull.ac.uk> Sender: news@cbfsb.att.com Reply-To: Dan_Jacobson@ihlpz.ATT.COM Organization: AT&T-BL, Naperville IL, USA Lines: 47 In-Reply-To: sm2@sequent.cc.hull.ac.uk's message of 20 May 91 11: 05:26 GMT Originator: danj1@cbnewsf.cb.att.com >>>>> On 20 May 91 11:05:26 GMT, sm2@sequent.cc.hull.ac.uk (Simon Marshall) said: Simon> When Emacs auto-saves a buffer visiting a file (using a Simon> different name), it uses the value of the file creation mask Simon> (typically given by "umask" on Unix) for the auto-save file's Simon> permission bits, not the permission bits of the file that the Simon> buffer is visiting. Simon> Assuming that you're not the type who has umask 077 as the Simon> first line in your ~/.cshrc file (but do those sort of people Simon> refuse to use Emacs on principle anyway? ;-), and have Simon> something like umask 022, any file you edit using Emacs which Simon> you have chosen to restrict access to in some way is Simon> effectively unrestricted once an auto-save is done. If root Simon> uses Emacs to edit an access-restricted file, s/he better Simon> beware... Simon> Auto-saving is done on some buffers that are not visiting a Simon> file (*mail* being one such example), so it cannot get Simon> permission bits that way. here's what i use for the mail buffers (let ((tmp (expand-file-name "~/.mail/"))) ; .mail == 700 mode (if (file-directory-p tmp) (setq vm-folder-directory tmp) (setq vm-folder-directory (expand-file-name "~/")))) (setq mail-archive-file-name (concat vm-folder-directory "outbox")) (setq mail-mode-hook (function (lambda () ;;;at last: can save the "*mail*" auto-save buffer in a protected ;;;directory, so I don't have to set a restrictive (077) umask. ;;;[idea is thanks to Kyle Jones] ;;; (and (string= buffer-auto-save-file-name ;;; (expand-file-name "~/#%*mail*#")) (setq buffer-auto-save-file-name (concat vm-folder-directory "#%*mail" (int-to-string (random t))) ;; VM5: "#_reply_to_Kyle_Jones#" still to long ;; maybe "#-5421Kyle_Jones" is cooler );) ))) ;;(I have a cron job regularly clean out any old mail backups that are ;;produced when i change my mind and dont send a e-mail)