# HG changeset patch # User Glenn Morris # Date 1187754555 0 # Node ID 250bf6af6540395d0b730c3d4c9adf9b4dc1f71b # Parent 1394a4fd47246a4e151e420d02d6df3c0e69a22a (backup-buffer-copy): Check backup directory is writable, to avoid infloop deleting old backup. diff -r 1394a4fd4724 -r 250bf6af6540 lisp/files.el --- a/lisp/files.el Wed Aug 22 03:37:21 2007 +0000 +++ b/lisp/files.el Wed Aug 22 03:49:15 2007 +0000 @@ -3173,6 +3173,11 @@ (defun backup-buffer-copy (from-name to-name modes) (let ((umask (default-file-modes))) + (dir (or (file-name-directory to-name) + default-directory))) + ;; Can't delete or create files in a read-only directory. + (unless (file-writable-p dir) + (signal 'file-error (list "Directory is not writable" dir))) (unwind-protect (progn ;; Create temp files with strict access rights. It's easy to @@ -3181,6 +3186,11 @@ (set-default-file-modes ?\700) (while (condition-case () (progn + ;; If we allow for the possibility of something + ;; creating the file between delete and copy + ;; (below), we must also allow for the + ;; possibility of something deleting it between + ;; a file-exists-p check and a delete. (condition-case nil (delete-file to-name) (file-error nil)) @@ -3189,6 +3199,10 @@ (file-already-exists t)) ;; The file was somehow created by someone else between ;; `delete-file' and `copy-file', so let's try again. + ;; Does that every actually happen in practice? + ;; This is a potential infloop, which seems bad... + ;; rms says "I think there is also a possible race + ;; condition for making backup files" (emacs-devel 20070821). nil)) ;; Reset the umask. (set-default-file-modes umask)))