changeset 105108:84836b2f2c93
This fixes bug#4197 (merged to bug#865, though not identical).
* server.el (server-auth-dir): Add docstring note about FAT32.
(server-ensure-safe-dir): Accept FAT32 directories as "safe",
but warn against using them.
author | Juanma Barranquero <lekktu@gmail.com> |
---|---|
date | Sat, 19 Sep 2009 14:56:04 +0000 |
parents | c8c485186991 |
children | 178c9761642e |
files | lisp/ChangeLog lisp/server.el |
diffstat | 2 files changed, 38 insertions(+), 5 deletions(-) [+] |
--- a/lisp/ChangeLog Sat Sep 19 11:45:57 2009 +0000
+++ b/lisp/ChangeLog Sat Sep 19 14:56:04 2009 +0000
@@ -1,3 +1,11 @@
+2009-09-19 Juanma Barranquero <lekktu@gmail.com>
+ Eli Zaretskii <eliz@gnu.org>
+
+ This fixes bug#4197 (merged to bug#865, though not identical).
+ * server.el (server-auth-dir): Add docstring note about FAT32.
+ (server-ensure-safe-dir): Accept FAT32 directories as "safe",
+ but warn against using them.
+
 2009-09-19 Nick Roberts <nickrob@snap.net.nz>
 
 * progmodes/gdb-mi.el (gdb-var-update-handler-1): Include case of
--- a/lisp/server.el Sat Sep 19 11:45:57 2009 +0000
+++ b/lisp/server.el Sat Sep 19 14:56:04 2009 +0000
@@ -113,7 +113,12 @@
 (put 'server-host 'risky-local-variable t)
 
 (defcustom server-auth-dir (locate-user-emacs-file "server/")
- "Directory for server authentication files."
+ "Directory for server authentication files.
+
+NOTE: On FAT32 filesystems, directories are not secure;
+files can be read and modified by any user or process.
+It is strongly suggested to set `server-auth-dir' to a
+directory residing in a NTFS partition instead."
 :group 'server
 :type 'directory
 :version "22.1")
@@ -453,11 +458,31 @@
 (unless attrs
 (letf (((default-file-modes) ?\700)) (make-directory dir t))
 (setq attrs (file-attributes dir 'integer)))
+
 ;; Check that it's safe for use.
- (unless (and (eq t (car attrs)) (eql (nth 2 attrs) (user-uid))
- (or (eq system-type 'windows-nt)
- (zerop (logand ?\077 (file-modes dir)))))
- (error "The directory %s is unsafe" dir))))
+ (let* ((uid (nth 2 attrs))
+ (w32 (eq system-type 'windows-nt))
+ (safe (catch :safe
+ (unless (eq t (car attrs)) ; is a dir?
+ (throw :safe nil))
+ (when (and w32 (zerop uid)) ; on FAT32?
+ (display-warning
+ 'server
+ (format "Using `%s' to store Emacs-server authentication files.
+Directories on FAT32 filesystems are NOT secure against tampering.
+See variable `server-auth-dir' for details."
+ (file-name-as-directory dir))
+ :warning)
+ (throw :safe t))
+ (unless (eql uid (user-uid)) ; is the dir ours?
+ (throw :safe nil))
+ (when w32 ; on NTFS?
+ (throw :safe t))
+ (unless (zerop (logand ?\077 (file-modes dir)))
+ (throw :safe nil))
+ t)))
+ (unless safe
+ (error "The directory `%s' is unsafe" dir)))))
 
 ;;;###autoload
 (defun server-start (&optional leave-dead)
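Review bot: The FAT32 branch in the second server.el hunk, `(when (and w32 (zerop uid)) ...)`, throws `:safe t` before the `(eql uid (user-uid))` ownership test, so on windows-nt any directory whose reported owner uid is 0 is accepted with only a non-blocking `display-warning`. The only signal for FAT32 is that uid-zero heuristic, which the trailing `; on FAT32?` comment does not explain; if file-attributes can report uid 0 on windows-nt for any other reason, that directory skips the ownership check too, and this should be confirmed. I would document the assumption above the branch, e.g. `;; A zero uid on windows-nt is taken to mean the volume records no owner (FAT32); ownership cannot be checked, so accept but warn.`, and consider requiring an explicit user opt-in rather than a warning before the authentication files are written there. server-ensure-safe-dir starts outside the hunk.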