bug#37445: 27.0.50; Permission denied after make install

[Paul Eggert]

On 9/19/19 11:07 PM, Tino Calancha wrote:
> # Now launch Emacs: you will see at *Warnings* buffer
> # File error: Testing file, Permission denied, 
> /home/ec2-user/soft/emacs-master/src

Thanks, I think I see the problem: Emacs is examining its source code, via the 
Lisp variable source-directory, a variable that is put into the dump file. But 
in your case the source code's permissions forbid access.

This glitch suggests that there are more-serious security problems in the 
default Emacs install. If source-directory is (say) "/tmp/emacs-build/whatever", 
and /tmp/emacs-build is removed after the build, an attacker can provide a bogus 
source directory in place of the real one, and this could cause real problems.

Fedora 30 solves this potential security problem by arranging for the Lisp 
variable source-directory to have a value like "/usr/share/emacs/26.2/", which 
is a place attackers shouldn't be able to overwrite.

However, the default Emacs install doesn't do that. It installs the sources into 
(say) "/usr/local/share/emacs/27.0.50", but it doesn't arrange for 
source-directory to point there; instead, source-directory points to wherever 
the sources happened to be when Emacs was built, which could be in /tmp. This 
sounds like a configuration error in the default Emacs install, and I plan to 
look into why it's unsafe whereas the Fedora Emacs install is safer.