mirror/emacs
1
0
Fork 0
mirror of https://git.savannah.gnu.org/git/emacs.git synced 2024-12-16 09:50:25 +00:00
Code Issues Releases Activity
8cd66a3170
emacs/lib-src
History
Paul Eggert 007744dd04 Redo emacsclient socket symlink-attack checking 
* admin/merge-gnulib (GNULIB_MODULES): Add file-has-acl.
* lib/file-has-acl.c: New file, copied from Gnulib.
* lib/gnulib.mk.in, m4/gnulib-comp.m4: Regenerate.
* lib-src/emacsclient.c: Include acl.h, for file_has_acl.
(O_PATH): Default to O_SEARCH, which is good enough here.
(union local_sockaddr): New type.
(socket_status): Remove, replacing with ...
(connect_socket): New function.  All callers changed.
This function checks for ownership and permissions issues with the
parent directory of the socket file, instead of checking the
owner of the socket (which does not help security).
(socknamesize): Move to file scope.
(local_sockname): New arg S.  No need to pass socknamesize.
UID arg is now uid_t.  All callers changed.  Get file descriptor
of parent directory of socket, to foil some symlink attacks.
Do not follow symlinks to that directory.
(set_local_socket): Create the socket here instead of on
each attempt to connect it.  Fall back from XDG_RUNTIME_DIR
to /tmp only if the former fails due to ENOENT.  Adjust
permission-failure diagnostic to match changed behavior.

This addresses Bug#33847, which complained about emacsclient in a
safer XDG environment not connecting to an Emacs server running in
a less-safe enviroment outside XDG.  The patch fixes a
longstanding issue with emacsclient permission checking.
It’s ineffective to look at the permission of the socket file
itself; on some platforms, these permissions are ignored anyway.
What matters are the permissions on the parent directory of the
socket file, as these are what make symlink attacks possible.
Change the permissions check accordingly, and also refuse to
follow symlinks to that parent directory.  These changes make it
OK for emacsclient to fall back from XDG_RUNTIME_DIR to the
traditionally less-safe /tmp/emacsNNNN directories, since /tmp is
universally sticky nowadays.
2021-07-23 13:33:37 +02:00
..
ChangeLog.1 Update copyright year to 2021 2021-01-01 01:13:56 -08:00
COPYING Merge from Gnulib 2017-10-01 18:31:10 -07:00
ctags.c
ebrowse.c Update copyright year to 2021 2021-01-01 01:13:56 -08:00
emacsclient.c Redo emacsclient socket symlink-attack checking 2021-07-23 13:33:37 +02:00
etags.c Pacify gcc 11.1.1 -Wanalyzer-null-argument 2021-07-12 00:12:20 -07:00
hexl.c Update copyright year to 2021 2021-01-01 01:13:56 -08:00
make-docfile.c Update copyright year to 2021 2021-01-01 01:13:56 -08:00
make-fingerprint.c Update copyright year to 2021 2021-01-01 01:13:56 -08:00
Makefile.in * lib-src/Makefile.in (clean): Tidy up seccomp-filter files. 2021-05-09 18:46:11 -07:00
movemail.c Pacify gcc 11.1.1 -Wanalyzer-null-argument 2021-07-12 00:12:20 -07:00
ntlib.c Update copyright year to 2021 2021-01-01 01:13:56 -08:00
ntlib.h Update copyright year to 2021 2021-01-01 01:13:56 -08:00
pop.c Update copyright year to 2021 2021-01-01 01:13:56 -08:00
pop.h Update copyright year to 2021 2021-01-01 01:13:56 -08:00
rcs2log Update copyright year to 2021 2021-01-01 01:13:56 -08:00
README
seccomp-filter.c Ensure that argument to 'verify' is a constant expression. 2021-04-22 16:11:10 +02:00
update-game-score.c Update copyright year to 2021 2021-01-01 01:13:56 -08:00

README 

This directory contains the source code for the architecture-dependent
files that go in ${archlibdir}.  At present, these are mostly utility
programs used by GNU Emacs.