Fix some file-modes races

* lisp/gnus/gnus-start.el (gnus-save-newsrc-file)
(gnus-slave-save-newsrc):
* lisp/gnus/gnus-uu.el (gnus-uu-initialize):
* lisp/gnus/mm-archive.el (mm-dissect-archive):
* lisp/gnus/mm-decode.el (mm-temp-files-delete)
(mm-display-external):
* lisp/image-dired.el (image-dired-create-thumb-1):
Use with-file-modes rather than setting the file modes later.
This fixes some race conditions where the file temporarily
has the wrong permissions.

5 files changed, 26 insertions, 27 deletions

diff --git a/lisp/gnus/gnus-start.el b/lisp/gnus/gnus-start.el
index 1fd2575ea1f..873923e6c57 100644
--- a/lisp/gnus/gnus-start.el
+++ b/lisp/gnus/gnus-start.el
@@ -2812,7 +2812,7 @@ values from `gnus-newsrc-hashtb', and write a new value of
                               (file-exists-p working-file)))
 
                 (unwind-protect
-                    (progn
+                    (with-file-modes (file-modes startup-file)
                       (gnus-with-output-to-file working-file
                         (gnus-gnus-to-quick-newsrc-format)
                         (gnus-run-hooks 'gnus-save-quick-newsrc-hook))
@@ -2822,14 +2822,12 @@ values from `gnus-newsrc-hashtb', and write a new value of
                       ;; file.
                       (let ((buffer-backed-up nil)
                             (buffer-file-name startup-file)
-                            (file-precious-flag t)
-                            (setmodes (file-modes startup-file)))
+                            (file-precious-flag t))
                         ;; Backup the current version of the startup file.
                         (backup-buffer)
 
                         ;; Replace the existing startup file with the temp file.
                         (rename-file working-file startup-file t)
-                        (gnus-set-file-modes startup-file setmodes)
                         (setq gnus-save-newsrc-file-last-timestamp
                               (file-attribute-modification-time
                                (file-attributes startup-file)))))
@@ -3004,14 +3002,14 @@ SPECIFIC-VARIABLES, or those in `gnus-variable-list'."
 
 (defun gnus-slave-save-newsrc ()
   (with-current-buffer gnus-dribble-buffer
-    (let ((slave-name
-           (make-temp-file (concat gnus-current-startup-file "-slave-")))
-          (modes (ignore-errors
-                   (file-modes (concat gnus-current-startup-file ".eld")))))
-      (let ((coding-system-for-write gnus-ding-file-coding-system))
-        (gnus-write-buffer slave-name))
-      (when modes
-        (gnus-set-file-modes slave-name modes)))))
+    (with-file-modes (or (ignore-errors
+                           (file-modes
+                            (concat gnus-current-startup-file ".eld")))
+                         (default-file-modes))
+      (let ((slave-name
+             (make-temp-file (concat gnus-current-startup-file "-slave-"))))
+        (let ((coding-system-for-write gnus-ding-file-coding-system))
+          (gnus-write-buffer slave-name))))))
 
 (defun gnus-master-read-slave-newsrc ()
   (let ((slave-files
diff --git a/lisp/gnus/gnus-uu.el b/lisp/gnus/gnus-uu.el
index d40ba9cef42..4037221f496 100644
--- a/lisp/gnus/gnus-uu.el
+++ b/lisp/gnus/gnus-uu.el
@@ -1781,8 +1781,8 @@ Gnus might fail to display all of it.")
                  gnus-uu-tmp-dir)))
 
       (setq gnus-uu-work-dir
-            (make-temp-file (concat gnus-uu-tmp-dir "gnus") 'dir))
-      (gnus-set-file-modes gnus-uu-work-dir 448)
+            (with-file-modes #o700
+              (make-temp-file (concat gnus-uu-tmp-dir "gnus") 'dir)))
       (setq gnus-uu-work-dir (file-name-as-directory gnus-uu-work-dir))
       (push (cons gnus-newsgroup-name gnus-uu-work-dir)
             gnus-uu-tmp-alist))))
diff --git a/lisp/gnus/mm-archive.el b/lisp/gnus/mm-archive.el
index 71676c12a46..56253afa193 100644
--- a/lisp/gnus/mm-archive.el
+++ b/lisp/gnus/mm-archive.el
@@ -42,8 +42,9 @@
          dir)
     (unless decoder
       (error "No decoder found for %s" type))
-    (setq dir (make-temp-file (expand-file-name "emm." mm-tmp-directory) 'dir))
-    (set-file-modes dir #o700)
+    (with-file-modes #o700
+      (setq dir (make-temp-file (expand-file-name "emm." mm-tmp-directory)
+                                'dir)))
     (unwind-protect
         (progn
           (mm-with-unibyte-buffer
diff --git a/lisp/gnus/mm-decode.el b/lisp/gnus/mm-decode.el
index d33bb56dc9e..2dab278b373 100644
--- a/lisp/gnus/mm-decode.el
+++ b/lisp/gnus/mm-decode.el
@@ -602,11 +602,10 @@ files left at the next time."
         (push temp fails)))
     (if fails
         ;; Schedule the deletion of the files left at the next time.
-        (progn
+        (with-file-modes #o600
           (write-region (concat (mapconcat 'identity (nreverse fails) "\n")
                                 "\n")
-                        nil cache-file nil 'silent)
-          (set-file-modes cache-file #o600))
+                        nil cache-file nil 'silent))
       (when (file-exists-p cache-file)
         (ignore-errors (delete-file cache-file))))
     (setq mm-temp-files-to-be-deleted nil)))
@@ -911,8 +910,10 @@ external if displayed external."
         ;; The function is a string to be executed.
         (mm-insert-part handle)
         (mm-add-meta-html-tag handle)
-        (let* ((dir (make-temp-file
-                     (expand-file-name "emm." mm-tmp-directory) 'dir))
+        ;; We create a private sub-directory where we store our files.
+        (let* ((dir (with-file-modes #o700
+                      (make-temp-file
+                       (expand-file-name "emm." mm-tmp-directory) 'dir)))
                (filename (or
                           (mail-content-type-get
                            (mm-handle-disposition handle) 'filename)
@@ -924,8 +925,6 @@ external if displayed external."
                               (assoc "needsterminal" mime-info)))
                (copiousoutput (assoc "copiousoutput" mime-info))
                file buffer)
-          ;; We create a private sub-directory where we store our files.
-          (set-file-modes dir #o700)
           (if filename
               (setq file (expand-file-name
                           (gnus-map-function mm-file-name-rewrite-functions
@@ -941,8 +940,9 @@ external if displayed external."
                 ;; `mailcap-mime-extensions'.
                 (setq suffix (car (rassoc (mm-handle-media-type handle)
                                           mailcap-mime-extensions))))
-              (setq file (make-temp-file (expand-file-name "mm." dir)
-                                         nil suffix))))
+              (setq file (with-file-modes #o600
+                           (make-temp-file (expand-file-name "mm." dir)
+                                           nil suffix)))))
           (let ((coding-system-for-write mm-binary-coding-system))
             (write-region (point-min) (point-max) file nil 'nomesg))
           ;; The file is deleted after the viewer exists.  If the users edits
diff --git a/lisp/image-dired.el b/lisp/image-dired.el
index 768e941490d..1cc38ba714b 100644
--- a/lisp/image-dired.el
+++ b/lisp/image-dired.el
@@ -771,8 +771,8 @@ Increase at own risk.")
          process)
     (when (not (file-exists-p thumbnail-dir))
       (message "Creating thumbnail directory")
-      (make-directory thumbnail-dir t)
-      (set-file-modes thumbnail-dir #o700))
+      (with-file-modes #o700
+        (make-directory thumbnail-dir t)))
 
     ;; Thumbnail file creation processes begin here and are marshaled
     ;; in a queue by `image-dired-create-thumb'.