procyberian/emacs
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Make "unsafe directory" error message more informative (Bug#865)

Browse source 
* lisp/server.el (server-ensure-safe-dir): Produce a description for
each "unsafe" condition.
This commit is contained in:
Noam Postavsky 2017-08-27 23:09:32 -04:00
parent c59ddb2120
commit 43fac3beae
1 changed files with 26 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

23
lisp/server.el
View file

@ -525,8 +525,10 @@ Creates the directory if necessary and makes sure:
;; Check that it's safe for use. ;; Check that it's safe for use.
(let* ((uid (nth 2 attrs)) (let* ((uid (nth 2 attrs))
(w32 (eq system-type 'windows-nt)) (w32 (eq system-type 'windows-nt))
(safe (cond (unsafe (cond
((not (eq t (car attrs))) nil) ; is a dir? ((not (eq t (car attrs)))
(format "it is a %s" (if (stringp (car attrs))
"symlink" "file")))
((and w32 (zerop uid)) ; on FAT32? ((and w32 (zerop uid)) ; on FAT32?
(display-warning (display-warning
'server 'server
@ -536,19 +538,22 @@ Directories on FAT32 filesystems are NOT secure against tampering.
See variable `server-auth-dir' for details." See variable `server-auth-dir' for details."
(file-name-as-directory dir)) (file-name-as-directory dir))
:warning) :warning)
t) nil)
((and (/= uid (user-uid)) ; is the dir ours? ((and (/= uid (user-uid)) ; is the dir ours?
(or (not w32) (or (not w32)
;; Files created on Windows by Administrator ;; Files created on Windows by Administrator
;; (RID=500) have the Administrators (RID=544) ;; (RID=500) have the Administrators (RID=544)
;; group recorded as the owner. ;; group recorded as the owner.
(/= uid 544) (/= (user-uid) 500))) (/= uid 544) (/= (user-uid) 500)))
nil) (format "it is not owned by you (owner = %s (%d))"
(w32 t) ; on NTFS? (user-full-name (user-uid)) (user-uid)))
(t ; else, check permissions (w32 nil) ; on NTFS?
(zerop (logand ?\077 (file-modes dir))))))) ((/= 0 (logand ?\077 (file-modes dir)))
(unless safe (format "it is accessible by others (%03o)"
(error "The directory `%s' is unsafe" dir))))) (file-modes dir)))
(t nil))))
(when unsafe
(error "`%s' is not a safe directory because %s" dir unsafe)))))
(defun server-generate-key () (defun server-generate-key ()
"Generate and return a random authentication key. "Generate and return a random authentication key.