I just noticed that all the *.el and *.elc files in the lisp
subdirs of emacs-21.2 installed from source (obtained at
ftp.gnu.org/gnu/emacs) have default permissions of 666.  

  /usr/local/share/emacs/21.2/lisp:
  used 14476 available 1404352
  drwxr-xr-x   17 root     root        12288 Apr 29 07:59 .
  drwxr-xr-x    6 root     root         4096 Apr 29 07:59 ..
  -rw-rw-rw-    1 9954     11          17992 Mar 16 05:38 COPYING
  -rw-rw-rw-    1 9954     11            538 Jan 17  2001 README
  -rw-rw-rw-    1 9954     11          11602 Aug  6  2001 abbrev.el
  -rw-rw-rw-    1 9954     11          10418 Jan 11 02:23 abbrev.elc
  -rw-rw-rw-    1 9954     11           1844 Jul 15  2001 abbrevlist.el
  -rw-rw-rw-    1 9954     11           1160 Jan 11 02:23 abbrevlist.elc

This seems dangerous, because any user on the system could trojan some
of the modules and presumably grab sensitive info, possibly su
passwords and the like from other users using emacs.

It's an easy fix with 
> cd /usr/local/share/emacs/21.2
> find . -name "*.el" -exec chown root.root {} \;
> find . -name "*.el" -exec chmod 644 {} \;

and the same for the *.elc.  But in its default config it's a
security risk for systems with untrusted users.

John Hunter


GNU Emacs 21.2.1 (i686-pc-linux-gnu, X toolkit, Xaw3d scroll bars) 

Built from source with
> ./configure
> make install
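
Added example, not part of the original post: the audit and fix described in the message above as reusable shell functions, with a content comparison to run first, since correcting permissions does not undo a change already made. The pristine-copy path in the usage comment is an assumption; the function names are illustrative.

```shell
#!/bin/sh
# Added example: audit and repair a shared Emacs Lisp tree.
# Function names and the pristine-copy path below are assumptions.

# Print files and directories under $1 that group or other can write.
find_writable() {
    find "$1" \( -type f -o -type d \) \( -perm -002 -o -perm -020 \) -print
}

# Print files and directories under $1 not owned by user $2 (default root).
find_foreign_owner() {
    find "$1" \( -type f -o -type d \) ! -user "${2:-root}" -print
}

# Print entries whose content differs between a pristine unpacked copy ($1)
# and the installed tree ($2); "Only in" lines flag files present in one
# tree only. Empty output means no difference. Returns non-zero only if
# diff itself fails.
diff_from_pristine() {
    diff -rq "$1" "$2" || [ $? -eq 1 ]
}

# Drop group/other write bits under $1, leaving every other mode bit alone
# (unlike a blanket chmod 644, this keeps directories searchable). When run
# as root, also hand foreign-owned entries to uid 0 / gid 0.
harden_tree() {
    find "$1" \( -type f -o -type d \) \( -perm -002 -o -perm -020 \) \
        -exec chmod go-w {} +
    if [ "$(id -u)" -eq 0 ]; then
        find "$1" \( -type f -o -type d \) ! -user 0 -exec chown 0:0 {} +
    fi
}

# Usage (as root; compare contents before fixing modes):
#   diff_from_pristine /path/to/pristine/lisp /usr/local/share/emacs/21.2/lisp
#   find_writable      /usr/local/share/emacs/21.2
#   find_foreign_owner /usr/local/share/emacs/21.2
#   harden_tree        /usr/local/share/emacs/21.2
```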
