Fix some file-modes races

* lisp/gnus/gnus-start.el (gnus-save-newsrc-file)
(gnus-slave-save-newsrc):
* lisp/gnus/gnus-uu.el (gnus-uu-initialize):
* lisp/gnus/mm-archive.el (mm-dissect-archive):
* lisp/gnus/mm-decode.el (mm-temp-files-delete)
(mm-display-external):
* lisp/image-dired.el (image-dired-create-thumb-1):
Use with-file-modes rather than setting the file modes later.
This fixes some race conditions where the file temporarily
has the wrong permissions.

diff --git a/lisp/gnus/gnus-start.el b/lisp/gnus/gnus-start.el
index 1fd2575ea1f42136331776eac62dbec599dd97c6..873923e6c573517ace066ce6a347bc45a58cf8e2 100644 (file)
--- a/lisp/gnus/gnus-start.el
+++ b/lisp/gnus/gnus-start.el
@@ -2812,7 +2812,7 @@ values from `gnus-newsrc-hashtb', and write a new value of
                               (file-exists-p working-file)))
 
                (unwind-protect
-                    (progn
+                   (with-file-modes (file-modes startup-file)
                       (gnus-with-output-to-file working-file
                        (gnus-gnus-to-quick-newsrc-format)
                        (gnus-run-hooks 'gnus-save-quick-newsrc-hook))
@@ -2822,14 +2822,12 @@ values from `gnus-newsrc-hashtb', and write a new value of
                       ;; file.
                       (let ((buffer-backed-up nil)
                             (buffer-file-name startup-file)
-                            (file-precious-flag t)
-                            (setmodes (file-modes startup-file)))
+                           (file-precious-flag t))
                        ;; Backup the current version of the startup file.
                        (backup-buffer)
 
                        ;; Replace the existing startup file with the temp file.
                        (rename-file working-file startup-file t)
-                       (gnus-set-file-modes startup-file setmodes)
                        (setq gnus-save-newsrc-file-last-timestamp
                              (file-attribute-modification-time
                               (file-attributes startup-file)))))
@@ -3004,14 +3002,14 @@ SPECIFIC-VARIABLES, or those in `gnus-variable-list'."
 
 (defun gnus-slave-save-newsrc ()
   (with-current-buffer gnus-dribble-buffer
-    (let ((slave-name
-          (make-temp-file (concat gnus-current-startup-file "-slave-")))
-         (modes (ignore-errors
-                  (file-modes (concat gnus-current-startup-file ".eld")))))
-      (let ((coding-system-for-write gnus-ding-file-coding-system))
-       (gnus-write-buffer slave-name))
-      (when modes
-       (gnus-set-file-modes slave-name modes)))))
+    (with-file-modes (or (ignore-errors
+                          (file-modes
+                           (concat gnus-current-startup-file ".eld")))
+                        (default-file-modes))
+      (let ((slave-name
+            (make-temp-file (concat gnus-current-startup-file "-slave-"))))
+       (let ((coding-system-for-write gnus-ding-file-coding-system))
+         (gnus-write-buffer slave-name))))))
 
 (defun gnus-master-read-slave-newsrc ()
   (let ((slave-files

diff --git a/lisp/gnus/gnus-uu.el b/lisp/gnus/gnus-uu.el
index d40ba9cef42ed0d6dd8050b117693b95522c5ebd..4037221f496f49de18be34e80726930180ce7ec3 100644 (file)
--- a/lisp/gnus/gnus-uu.el
+++ b/lisp/gnus/gnus-uu.el
@@ -1781,8 +1781,8 @@ Gnus might fail to display all of it.")
                 gnus-uu-tmp-dir)))
 
       (setq gnus-uu-work-dir
-           (make-temp-file (concat gnus-uu-tmp-dir "gnus") 'dir))
-      (gnus-set-file-modes gnus-uu-work-dir 448)
+           (with-file-modes #o700
+             (make-temp-file (concat gnus-uu-tmp-dir "gnus") 'dir)))
       (setq gnus-uu-work-dir (file-name-as-directory gnus-uu-work-dir))
       (push (cons gnus-newsgroup-name gnus-uu-work-dir)
            gnus-uu-tmp-alist))))

diff --git a/lisp/gnus/mm-archive.el b/lisp/gnus/mm-archive.el
index 71676c12a46d1dbe0f29cd699c38f5d76842e962..56253afa19301531b1e0f6c498e9fca9d0493997 100644 (file)
--- a/lisp/gnus/mm-archive.el
+++ b/lisp/gnus/mm-archive.el
@@ -42,8 +42,9 @@
         dir)
     (unless decoder
       (error "No decoder found for %s" type))
-    (setq dir (make-temp-file (expand-file-name "emm." mm-tmp-directory) 'dir))
-    (set-file-modes dir #o700)
+    (with-file-modes #o700
+      (setq dir (make-temp-file (expand-file-name "emm." mm-tmp-directory)
+                               'dir)))
     (unwind-protect
        (progn
          (mm-with-unibyte-buffer

diff --git a/lisp/gnus/mm-decode.el b/lisp/gnus/mm-decode.el
index d33bb56dc9ee86437c9dfaa4cfb2bc888ecedaa9..2dab278b373967c21f5539d674f974dad7e8d58b 100644 (file)
--- a/lisp/gnus/mm-decode.el
+++ b/lisp/gnus/mm-decode.el
@@ -602,11 +602,10 @@ files left at the next time."
        (push temp fails)))
     (if fails
        ;; Schedule the deletion of the files left at the next time.
-       (progn
+       (with-file-modes #o600
          (write-region (concat (mapconcat 'identity (nreverse fails) "\n")
                                "\n")
-                       nil cache-file nil 'silent)
-         (set-file-modes cache-file #o600))
+                       nil cache-file nil 'silent))
       (when (file-exists-p cache-file)
        (ignore-errors (delete-file cache-file))))
     (setq mm-temp-files-to-be-deleted nil)))
@@ -911,8 +910,10 @@ external if displayed external."
        ;; The function is a string to be executed.
        (mm-insert-part handle)
        (mm-add-meta-html-tag handle)
-       (let* ((dir (make-temp-file
-                    (expand-file-name "emm." mm-tmp-directory) 'dir))
+       ;; We create a private sub-directory where we store our files.
+       (let* ((dir (with-file-modes #o700
+                     (make-temp-file
+                      (expand-file-name "emm." mm-tmp-directory) 'dir)))
               (filename (or
                          (mail-content-type-get
                           (mm-handle-disposition handle) 'filename)
@@ -924,8 +925,6 @@ external if displayed external."
                              (assoc "needsterminal" mime-info)))
               (copiousoutput (assoc "copiousoutput" mime-info))
               file buffer)
-         ;; We create a private sub-directory where we store our files.
-         (set-file-modes dir #o700)
          (if filename
              (setq file (expand-file-name
                          (gnus-map-function mm-file-name-rewrite-functions
@@ -941,8 +940,9 @@ external if displayed external."
                ;; `mailcap-mime-extensions'.
                (setq suffix (car (rassoc (mm-handle-media-type handle)
                                          mailcap-mime-extensions))))
-             (setq file (make-temp-file (expand-file-name "mm." dir)
-                                        nil suffix))))
+             (setq file (with-file-modes #o600
+                          (make-temp-file (expand-file-name "mm." dir)
+                                          nil suffix)))))
          (let ((coding-system-for-write mm-binary-coding-system))
            (write-region (point-min) (point-max) file nil 'nomesg))
          ;; The file is deleted after the viewer exists.  If the users edits

diff --git a/lisp/image-dired.el b/lisp/image-dired.el
index 768e941490d1eb6a6e1bb37020fd40832a7ac10a..1cc38ba714bf573c691d0c36c9de347ff89a2542 100644 (file)
--- a/lisp/image-dired.el
+++ b/lisp/image-dired.el
@@ -771,8 +771,8 @@ Increase at own risk.")
          process)
     (when (not (file-exists-p thumbnail-dir))
       (message "Creating thumbnail directory")
-      (make-directory thumbnail-dir t)
-      (set-file-modes thumbnail-dir #o700))
+      (with-file-modes #o700
+       (make-directory thumbnail-dir t)))
 
     ;; Thumbnail file creation processes begin here and are marshaled
     ;; in a queue by `image-dired-create-thumb'.