[nongnu] elpa/undo-fu-session a6a23301a4 30/53: Fix #2: resolve potentia
From: ELPA Syncer
Subject: [nongnu] elpa/undo-fu-session a6a23301a4 30/53: Fix #2: resolve potential security issue with file permissions
Date: Thu, 7 Jul 2022 12:05:21 -0400 (EDT)
branch: elpa/undo-fu-session
commit a6a23301a4030335ff3de1c5556f6ab5d915f7b5
Author: Campbell Barton <ideasman42@gmail.com>
Commit: Campbell Barton <ideasman42@gmail.com>
Fix #2: resolve potential security issue with file permissions
---
changelog.rst | 1 +
undo-fu-session.el | 2 ++
2 files changed, 3 insertions(+)
diff --git a/changelog.rst b/changelog.rst
index a3958ff315..3b5112fd9e 100644
--- a/changelog.rst
+++ b/changelog.rst
@@ -5,6 +5,7 @@ Change Log
- In development
+ - Write files so only the owner can read them (to avoid potential security
issues).
- Disable ``global-undo-fu-session`` in ``special-mode`` and it's derived
modes (such as ``package-menu-mode``).
- Add ``undo-fu-session-ignore-encrypted-files`` to ignore encrypted files.
- Fix bug when ``undo-fu-session-linear`` was enabled,
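Review bot: The added entry "Write files so only the owner can read them" does not say that the restriction is applied at save time. Since the code change sets the mode inside the save function, session files written by earlier versions keep their previous permissions until they are saved again. Suggest stating that in the entry and referencing #2, so users know that existing files may need to be tightened or removed by hand.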
diff --git a/undo-fu-session.el b/undo-fu-session.el
index 6df4806ccb..f847fed568 100644
--- a/undo-fu-session.el
+++ b/undo-fu-session.el
@@ -470,6 +470,8 @@ Argument PENDING-LIST an `pending-undo-list' compatible
list."
(write-char ?\n (current-buffer))
(prin1 content-data (current-buffer))
(write-region nil nil undo-file nil 0)
+ ;; This file should only readable by the owner, see #2.
+ (set-file-modes undo-file #o600)
t)))))
(defun undo-fu-session-save-safe ()
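Review bot: The added `(set-file-modes undo-file #o600)` runs only after `(write-region nil nil undo-file nil 0)` has created and filled the file, so a newly created undo file exists with the default, umask-derived modes for a short window and can be opened by another local user before the mode change lands. Consider wrapping the write in `with-file-modes` with `#o600` so the file is created restricted, and keeping the `set-file-modes` call to tighten files that already exist with wider permissions. It is also not visible here whether an error signalled by `set-file-modes` is caught before the trailing `t` is returned. Minor: the comment should read "should only be readable by the owner".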