bug#865: 23.0.60; The directory is unsafe today
From: Eli Zaretskii
Subject: bug#865: 23.0.60; The directory is unsafe today
Date: Mon, 08 Sep 2008 23:08:40 +0300

> From: Stefan Monnier <monnier@iro.umontreal.ca>
> Cc: 865@emacsbugs.donarmstrong.com, jasonr@gnu.org,
> emacs-pretest-bug@gnu.org
> Date: Sun, 07 Sep 2008 23:33:28 -0400
>
> > This is impossible on Windows, AFAIK. There are special flags to the
> > syscall that opens a file or directory that can bypass any denied
> > rights to enter a directory or open a file. (These flags allegedly
> > exist so that system backup and restore programs could DTRT without
> > running as a privileged user.)
>
> Are you saying that anybody can read any file (or dir) simply by using
> those extra flags when they open those files and dirs? So there's no
> possible privacy between users on the same machine? If so, we may just
> stop worrying about server-ensure-safe-dir under w32 since there's
> simply no way for it to be safe (short of encrypting it, which implies
> a fairly different UI).

Not exactly: most programs don't use these special flags, and some of
them seem to require special privileges, although I'm not quite sure
who can gain those privileges. (A small test program confirmed that I
can gain them, even though I'm not in the Administrators group.)

See:

http://msdn.microsoft.com/en-us/library/aa364399(VS.85).aspx

for more details.

But I don't think we should dismiss the privacy issue just because it
can be bypassed by an ill-meaning program: the same can happen on
Unix, given a program that deliberately gains root access. "Normal"
programs don't use those special access flags and privileges, and so
cannot access files in a private directory.