This fixes bug#4197 (merged to bug#865, though not identical).

* server.el (server-auth-dir): Add docstring note about FAT32. (server-ensure-safe-dir): Accept FAT32 directories as "safe", but warn against using them.
author: Juanma Barranquero 2009-09-19 14:56:04 +0000
committer: Juanma Barranquero 2009-09-19 14:56:04 +0000
commit: 3e70541aed3c5ee2ed345ea94b2c61b36c44142d (patch)
tree: d67c8a12ae8d124ef64cd0b90aa5b3d329ca7006 /lisp/server.el
parent: d443acd9b1e99cfbc9e56862670cfdc134870281 (diff)
download: emacs-3e70541aed3c5ee2ed345ea94b2c61b36c44142d.tar.gz
emacs-3e70541aed3c5ee2ed345ea94b2c61b36c44142d.zip
1 files changed, 30 insertions, 5 deletions
diff --git a/lisp/server.el b/lisp/server.el
index f198ac83693..a1d0fbf32cf 100644
--- a/lisp/server.el
+++ b/lisp/server.el
@@ -113,7 +113,12 @@ If set, the server accepts remote connections; otherwise it is local."
 (put 'server-host 'risky-local-variable t)
 (defcustom server-auth-dir (locate-user-emacs-file "server/")
-  "Directory for server authentication files."
+  "Directory for server authentication files.
+NOTE: On FAT32 filesystems, directories are not secure;
+files can be read and modified by any user or process.
+It is strongly suggested to set `server-auth-dir' to a
+directory residing in a NTFS partition instead."
  :group 'server
  :type 'directory
  :version "22.1")
@@ -453,11 +458,31 @@ Creates the directory if necessary and makes sure:
    (unless attrs
      (letf (((default-file-modes) ?\700)) (make-directory dir t))
      (setq attrs (file-attributes dir 'integer)))
    ;; Check that it's safe for use.
-    (unless (and (eq t (car attrs)) (eql (nth 2 attrs) (user-uid))
+    (let* ((uid (nth 2 attrs))
-                 (or (eq system-type 'windows-nt)
+           (w32 (eq system-type 'windows-nt))
-                     (zerop (logand ?\077 (file-modes dir)))))
+           (safe (catch :safe
-      (error "The directory %s is unsafe" dir))))
+                   (unless (eq t (car attrs))   ; is a dir?
+                     (throw :safe nil))
+                   (when (and w32 (zerop uid))  ; on FAT32?
+                     (display-warning
+                      'server
+                      (format "Using `%s' to store Emacs-server authentication files.
+Directories on FAT32 filesystems are NOT secure against tampering.
+See variable `server-auth-dir' for details."
+                              (file-name-as-directory dir))
+                      :warning)
+                     (throw :safe t))
+                   (unless (eql uid (user-uid)) ; is the dir ours?
+                     (throw :safe nil))
+                   (when w32                    ; on NTFS?
+                     (throw :safe t))
+                   (unless (zerop (logand ?\077 (file-modes dir)))
+                     (throw :safe nil))
+                   t)))
+      (unless safe
+        (error "The directory `%s' is unsafe" dir)))))
 ;;;###autoload
 (defun server-start (&optional leave-dead)
author	Juanma Barranquero	2009-09-19 14:56:04 +0000
committer	Juanma Barranquero	2009-09-19 14:56:04 +0000
commit	3e70541aed3c5ee2ed345ea94b2c61b36c44142d (patch)
tree	d67c8a12ae8d124ef64cd0b90aa5b3d329ca7006 /lisp/server.el
parent	d443acd9b1e99cfbc9e56862670cfdc134870281 (diff)
download	emacs-3e70541aed3c5ee2ed345ea94b2c61b36c44142d.tar.gz emacs-3e70541aed3c5ee2ed345ea94b2c61b36c44142d.zip

diff --git a/lisp/server.el b/lisp/server.el index f198ac83693..a1d0fbf32cf 100644 --- a/lisp/server.el +++ b/lisp/server.el
@@ -113,7 +113,12 @@ If set, the server accepts remote connections; otherwise it is local."
113	(put 'server-host 'risky-local-variable t)	113	(put 'server-host 'risky-local-variable t)
114		114
115	(defcustom server-auth-dir (locate-user-emacs-file "server/")	115	(defcustom server-auth-dir (locate-user-emacs-file "server/")
116	"Directory for server authentication files."	116	"Directory for server authentication files.
		117
		118	NOTE: On FAT32 filesystems, directories are not secure;
		119	files can be read and modified by any user or process.
		120	It is strongly suggested to set `server-auth-dir' to a
		121	directory residing in a NTFS partition instead."
117	:group 'server	122	:group 'server
118	:type 'directory	123	:type 'directory
119	:version "22.1")	124	:version "22.1")
@@ -453,11 +458,31 @@ Creates the directory if necessary and makes sure:
453	(unless attrs	458	(unless attrs
454	(letf (((default-file-modes) ?\700)) (make-directory dir t))	459	(letf (((default-file-modes) ?\700)) (make-directory dir t))
455	(setq attrs (file-attributes dir 'integer)))	460	(setq attrs (file-attributes dir 'integer)))
		461
456	;; Check that it's safe for use.	462	;; Check that it's safe for use.
457	(unless (and (eq t (car attrs)) (eql (nth 2 attrs) (user-uid))	463	(let* ((uid (nth 2 attrs))
458	(or (eq system-type 'windows-nt)	464	(w32 (eq system-type 'windows-nt))
459	(zerop (logand ?\077 (file-modes dir)))))	465	(safe (catch :safe
460	(error "The directory %s is unsafe" dir))))	466	(unless (eq t (car attrs)) ; is a dir?
		467	(throw :safe nil))
		468	(when (and w32 (zerop uid)) ; on FAT32?
		469	(display-warning
		470	'server
		471	(format "Using `%s' to store Emacs-server authentication files.
		472	Directories on FAT32 filesystems are NOT secure against tampering.
		473	See variable `server-auth-dir' for details."
		474	(file-name-as-directory dir))
		475	:warning)
		476	(throw :safe t))
		477	(unless (eql uid (user-uid)) ; is the dir ours?
		478	(throw :safe nil))
		479	(when w32 ; on NTFS?
		480	(throw :safe t))
		481	(unless (zerop (logand ?\077 (file-modes dir)))
		482	(throw :safe nil))
		483	t)))
		484	(unless safe
		485	(error "The directory `%s' is unsafe" dir)))))
461		486
462	;;;###autoload	487	;;;###autoload
463	(defun server-start (&optional leave-dead)	488	(defun server-start (&optional leave-dead)