|
From: | Paul Eggert |
Subject: | bug#37445: 27.0.50; Permission denied after make install |
Date: | Fri, 20 Sep 2019 02:10:10 -0700 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0 |
On 9/19/19 11:07 PM, Tino Calancha wrote:
# Now launch Emacs: you will see at *Warnings* buffer # File error: Testing file, Permission denied, /home/ec2-user/soft/emacs-master/src
Thanks, I think I see the problem: Emacs is examining its source code, via the Lisp variable source-directory, a variable that is put into the dump file. But in your case the source code's permissions forbid access.
This glitch suggests that there are more-serious security problems in the default Emacs install. If source-directory is (say) "/tmp/emacs-build/whatever", and /tmp/emacs-build is removed after the build, an attacker can provide a bogus source directory in place of the real one, and this could cause real problems.
Fedora 30 solves this potential security problem by arranging for the Lisp variable source-directory to have a value like "/usr/share/emacs/26.2/", which is a place attackers shouldn't be able to overwrite.
However, the default Emacs install doesn't do that. It installs the sources into (say) "/usr/local/share/emacs/27.0.50", but it doesn't arrange for source-directory to point there; instead, source-directory points to wherever the sources happened to be when Emacs was built, which could be in /tmp. This sounds like a configuration error in the default Emacs install, and I plan to look into why it's unsafe whereas the Fedora Emacs install is safer.
[Prev in Thread] | Current Thread | [Next in Thread] |