diff --git a/lisp/server.el b/lisp/server.el index 8aafa1c2570..33800a98682 100644 --- a/lisp/server.el +++ b/lisp/server.el @@ -525,30 +525,35 @@ Creates the directory if necessary and makes sure: ;; Check that it's safe for use. (let* ((uid (nth 2 attrs)) (w32 (eq system-type 'windows-nt)) - (safe (cond - ((not (eq t (car attrs))) nil) ; is a dir? - ((and w32 (zerop uid)) ; on FAT32? - (display-warning - 'server - (format-message "\ + (unsafe (cond + ((not (eq t (car attrs))) + (format "it is a %s" (if (stringp (car attrs)) + "symlink" "file"))) + ((and w32 (zerop uid)) ; on FAT32? + (display-warning + 'server + (format-message "\ Using `%s' to store Emacs-server authentication files. Directories on FAT32 filesystems are NOT secure against tampering. See variable `server-auth-dir' for details." - (file-name-as-directory dir)) - :warning) - t) - ((and (/= uid (user-uid)) ; is the dir ours? - (or (not w32) - ;; Files created on Windows by Administrator - ;; (RID=500) have the Administrators (RID=544) - ;; group recorded as the owner. - (/= uid 544) (/= (user-uid) 500))) - nil) - (w32 t) ; on NTFS? - (t ; else, check permissions - (zerop (logand ?\077 (file-modes dir))))))) - (unless safe - (error "The directory `%s' is unsafe" dir))))) + (file-name-as-directory dir)) + :warning) + nil) + ((and (/= uid (user-uid)) ; is the dir ours? + (or (not w32) + ;; Files created on Windows by Administrator + ;; (RID=500) have the Administrators (RID=544) + ;; group recorded as the owner. + (/= uid 544) (/= (user-uid) 500))) + (format "it is not owned by you (owner = %s (%d))" + (user-full-name (user-uid)) (user-uid))) + (w32 nil) ; on NTFS? + ((/= 0 (logand ?\077 (file-modes dir))) + (format "it is accessible by others (%03o)" + (file-modes dir))) + (t nil)))) + (when unsafe + (error "`%s' is not a safe directory because %s" dir unsafe))))) (defun server-generate-key () "Generate and return a random authentication key.