emacs: fix an auto-save permissions race condition

* fileio.c (auto_saving_dir_umask): New static var. (Fmake_directory_internal): Use it. (do_auto_save_make_dir): Set it, instead of invoking chmod after creating the directory. The old code temporarily assigns too-generous permissions to the directory. (do_auto_save_eh): Clear it. (Fdo_auto_save): Catch all errrors, not just file errors, so that the var is always cleared.
author: Paul Eggert 2011-12-29 12:44:31 -0800
committer: Paul Eggert 2011-12-29 12:44:31 -0800
commit: 09450bae84788f9645716e17006e222adf1dec7f (patch)
tree: 09f5edb41135a2382c22449cd3177ffa78d441dd /src
parent: 2cae5ba432fc30042950c073b7ec7807bb98bcde (diff)
download: emacs-09450bae84788f9645716e17006e222adf1dec7f.tar.gz
emacs-09450bae84788f9645716e17006e222adf1dec7f.zip
2 files changed, 23 insertions, 6 deletions
diff --git a/src/ChangeLog b/src/ChangeLog
index f10e2955164..6c0185b7386 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,15 @@
+2011-12-29  Paul Eggert  <eggert@cs.ucla.edu>
+        emacs: fix an auto-save permissions race condition
+        * fileio.c (auto_saving_dir_umask): New static var.
+        (Fmake_directory_internal): Use it.
+        (do_auto_save_make_dir): Set it, instead of invoking chmod after
+        creating the directory.  The old code temporarily assigns
+        too-generous permissions to the directory.
+        (do_auto_save_eh): Clear it.
+        (Fdo_auto_save): Catch all errrors, not just file errors, so
+        that the var is always cleared.
 2011-12-28  Kenichi Handa  <handa@m17n.org>
        * coding.c (Fdefine_coding_system_internal): Make an utf-8 base
diff --git a/src/fileio.c b/src/fileio.c
index 3306085491e..27ae8b82204 100644
--- a/src/fileio.c
+++ b/src/fileio.c
@@ -90,6 +90,9 @@ along with GNU Emacs.  If not, see <http://www.gnu.org/licenses/>.  */
 /* Nonzero during writing of auto-save files */
 static int auto_saving;
+/* Nonzero umask during creation of auto-save directories */
+static int auto_saving_dir_umask;
 /* Set by auto_save_1 to mode of original file so Fwrite_region will create
   a new file with the same mode as the original */
 static int auto_save_mode_bits;
@@ -2062,7 +2065,7 @@ DEFUN ("make-directory-internal", Fmake_directory_internal,
 #ifdef WINDOWSNT
  if (mkdir (dir) != 0)
 #else
-  if (mkdir (dir, 0777) != 0)
+  if (mkdir (dir, 0777 & ~auto_saving_dir_umask) != 0)
 #endif
    report_file_error ("Creating directory", list1 (directory));
@@ -5205,16 +5208,18 @@ do_auto_save_unwind_1 (Lisp_Object value)  /* used as unwind-protect function */
 static Lisp_Object
 do_auto_save_make_dir (Lisp_Object dir)
 {
-  Lisp_Object mode;
+  Lisp_Object result;
-  call2 (Qmake_directory, dir, Qt);
+  auto_saving_dir_umask = 077;
-  XSETFASTINT (mode, 0700);
+  result = call2 (Qmake_directory, dir, Qt);
-  return Fset_file_modes (dir, mode);
+  auto_saving_dir_umask = 0;
+  return result;
 }
 static Lisp_Object
 do_auto_save_eh (Lisp_Object ignore)
 {
+  auto_saving_dir_umask = 0;
  return Qnil;
 }
@@ -5282,7 +5287,7 @@ A non-nil CURRENT-ONLY argument means save only current buffer.  */)
          dir = Ffile_name_directory (listfile);
          if (NILP (Ffile_directory_p (dir)))
            internal_condition_case_1 (do_auto_save_make_dir,
-                                       dir, Fcons (Fcons (Qfile_error, Qnil), Qnil),
+                                       dir, Qt,
                                       do_auto_save_eh);
          UNGCPRO;
        }
author	Paul Eggert	2011-12-29 12:44:31 -0800
committer	Paul Eggert	2011-12-29 12:44:31 -0800
commit	09450bae84788f9645716e17006e222adf1dec7f (patch)
tree	09f5edb41135a2382c22449cd3177ffa78d441dd /src
parent	2cae5ba432fc30042950c073b7ec7807bb98bcde (diff)
download	emacs-09450bae84788f9645716e17006e222adf1dec7f.tar.gz emacs-09450bae84788f9645716e17006e222adf1dec7f.zip