emacs-elpa-diffs

[nongnu] elpa/undo-fu-session a6a23301a4 30/53: Fix #2: resolve potentia


From: ELPA Syncer
Subject: [nongnu] elpa/undo-fu-session a6a23301a4 30/53: Fix #2: resolve potential security issue with file permissions
Date: Thu, 7 Jul 2022 12:05:21 -0400 (EDT)

branch: elpa/undo-fu-session
commit a6a23301a4030335ff3de1c5556f6ab5d915f7b5
Author: Campbell Barton <ideasman42@gmail.com>
Commit: Campbell Barton <ideasman42@gmail.com>

    Fix #2: resolve potential security issue with file permissions
---
 changelog.rst      | 1 +
 undo-fu-session.el | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/changelog.rst b/changelog.rst
index a3958ff315..3b5112fd9e 100644
--- a/changelog.rst
+++ b/changelog.rst
@@ -5,6 +5,7 @@ Change Log
 
 - In development
 
+  - Write files so only the owner can read them (to avoid potential security 
issues).
   - Disable ``global-undo-fu-session`` in ``special-mode`` and it's derived 
modes (such as ``package-menu-mode``).
   - Add ``undo-fu-session-ignore-encrypted-files`` to ignore encrypted files.
   - Fix bug when ``undo-fu-session-linear`` was enabled,
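Review bot: the new changelog entry says files are written owner-only but does not say what happens to session files saved by earlier versions. Going by the undo-fu-session.el change, the mode is only applied when a file is saved again, so older files keep their previous permissions until then. Consider stating that in the entry, and referencing #2 so the changelog links back to the report.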
diff --git a/undo-fu-session.el b/undo-fu-session.el
index 6df4806ccb..f847fed568 100644
--- a/undo-fu-session.el
+++ b/undo-fu-session.el
@@ -470,6 +470,8 @@ Argument PENDING-LIST an `pending-undo-list' compatible 
list."
           (write-char ?\n (current-buffer))
           (prin1 content-data (current-buffer))
           (write-region nil nil undo-file nil 0)
+          ;; This file should only readable by the owner, see #2.
+          (set-file-modes undo-file #o600)
           t)))))
 
 (defun undo-fu-session-save-safe ()
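Review bot: the added `(set-file-modes undo-file #o600)` runs only after `(write-region nil nil undo-file nil 0)` has created and filled the file, so a newly created undo file exists for a short window with the default mode (whatever the umask allows), and a reader that opens it in that window keeps access after the chmod. Suggest creating the file with the restrictive mode from the start, for example by wrapping the write in `(with-file-modes #o600 ...)`, and keeping `set-file-modes` to tighten files that already exist with wider permissions. The comment is also missing a word: "should only be readable by the owner".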


