3724 – security problem with emacs 21.2 ebuild (?)

Bug 3724 - security problem with emacs 21.2 ebuild (?)

Summary: security problem with emacs 21.2 ebuild (?)

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	New packages (show other bugs)
Hardware:	x86 Linux

Importance:	High major (vote)
Assignee:	Matthew Kennedy (RETIRED)

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2002-06-14 02:36 UTC by Adam M.
Modified:	2003-02-04 19:42 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
quick fix for setting more sane permissions on files (emacs.diff,300 bytes, patch) 2002-06-14 06:47 UTC, Daniel Ahlberg (RETIRED)	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Adam M. 2002-06-14 02:36:19 UTC

After successfully emerging emacs (version 21.2), I noticed that all of the 
lisp files (and a number of other files, too) under /usr/share/emacs/ were 
world-writeable (666 permissions). I would think that somebody could stick a 
malicious bit of lisp code in there.. causing emacs to execute "rm -rf ~/*" or 
"rm -rf /*".

I haven't attempted to unmerge emacs and reemerge it to see if it has been 
fixed yet, or was just a glitch. This bug may be present in Gentoo v. 1.2 as 
well.

Comment 1 Daniel Ahlberg (RETIRED) gentoo-dev

2002-06-14 06:43:14 UTC

When emacs is installing itselfs it simply copies the files going in
/usr/share/info/emacs/* from the unpacked distribution. These files have for
some reason the wrong mask when comparing the files ebuild unpacks and when I
unpack the distribution file manually.

Comment 2 Daniel Ahlberg (RETIRED) gentoo-dev

2002-06-14 06:47:56 UTC

Created attachment 1516 [details, diff]
quick fix for setting more sane permissions on files

Comment 3 Matthew Kennedy (RETIRED) gentoo-dev

2002-07-29 22:45:58 UTC

fixed in -r1

thanks for the bug report!

Matt