* epg.el (epg--make-temp-file): Avoid permission race conditions

when creating temporary directories and files on older Emacs.

diff --git a/lisp/ChangeLog b/lisp/ChangeLog
index 2c1d59d45a55201c03c753c363ca946925a50272..ba05002cc690eeeaf7484d51fbeca5ad3210259a 100644 (file)
--- a/lisp/ChangeLog
+++ b/lisp/ChangeLog
@@ -1,5 +1,8 @@
 2011-12-29  Paul Eggert  <eggert@cs.ucla.edu>
 
+       * epg.el (epg--make-temp-file): Avoid permission race conditions
+       when creating temporary directories and files on older Emacs.
+
        * files.el (move-file-to-trash): Preserve default file modes on error.
        (Bug#10401)
 

diff --git a/lisp/epg.el b/lisp/epg.el
index 133e76da96c7989666a129df65b067d8190c6e41..8e784257d547119bf20fdb9947803b5981404516 100644 (file)
--- a/lisp/epg.el
+++ b/lisp/epg.el
@@ -1951,14 +1951,16 @@ The returned file name (created by appending some random characters at the end
 of PREFIX, and expanding against `temporary-file-directory' if necessary),
 is guaranteed to point to a newly created empty file.
 You can then use `write-region' to write new data into the file."
-      (let (tempdir tempfile)
+      (let (tempdir tempfile orig-modes)
        (setq prefix (expand-file-name prefix
                                       (if (featurep 'xemacs)
                                           (temp-directory)
                                         temporary-file-directory)))
+       (setq orig-modes (default-file-modes))
        (unwind-protect
            (let (file)
              ;; First, create a temporary directory.
+             (set-default-file-modes #o700)
              (while (condition-case ()
                         (progn
                           (setq tempdir (make-temp-name
@@ -1969,14 +1971,12 @@ You can then use `write-region' to write new data into the file."
                           (make-directory tempdir))
                       ;; let's try again.
                       (file-already-exists t)))
-             (set-file-modes tempdir 448)
              ;; Second, create a temporary file in the tempdir.
              ;; There *is* a race condition between `make-temp-name'
              ;; and `write-region', but we don't care it since we are
              ;; in a private directory now.
              (setq tempfile (make-temp-name (concat tempdir "/EMU")))
              (write-region "" nil tempfile nil 'silent)
-             (set-file-modes tempfile 384)
              ;; Finally, make a hard-link from the tempfile.
              (while (condition-case ()
                         (progn
@@ -1986,6 +1986,7 @@ You can then use `write-region' to write new data into the file."
                       ;; let's try again.
                       (file-already-exists t)))
              file)
+         (set-default-file-modes orig-modes)
          ;; Cleanup the tempfile.
          (and tempfile
               (file-exists-p tempfile)