From: Stefan Kangas Date: Sun, 24 Oct 2021 19:20:16 +0000 (+0200) Subject: Use restrictive umask when creating image-dired data X-Git-Tag: emacs-28.0.90~188 X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=56caf1c9b887ccbb6d35a95ca257f633bb71d1d3;p=emacs.git Use restrictive umask when creating image-dired data * lisp/image-dired.el (image-dired-dir) (image-dired-sane-db-file): Create thumbnail directory and .image-dired_db with umask 077. This avoids creating world readable copies of private data, and is in fact mandated by the Thumbnail Managing Standard that we aim to support. --- diff --git a/lisp/image-dired.el b/lisp/image-dired.el index 2af0c6654ec..e5fbfcf9278 100644 --- a/lisp/image-dired.el +++ b/lisp/image-dired.el @@ -538,7 +538,8 @@ Create the thumbnails directory if it does not exist." (let ((image-dired-dir (file-name-as-directory (expand-file-name image-dired-dir)))) (unless (file-directory-p image-dired-dir) - (make-directory image-dired-dir t) + (with-file-modes #o700 + (make-directory image-dired-dir t)) (message "Creating thumbnails directory")) image-dired-dir)) @@ -1070,10 +1071,12 @@ Signal error if there are problems creating it." (let (dir buf) (unless (file-directory-p (setq dir (file-name-directory image-dired-db-file))) - (make-directory dir t)) + (with-file-modes #o700 + (make-directory dir t))) (with-current-buffer (setq buf (create-file-buffer image-dired-db-file)) - (write-file image-dired-db-file)) + (with-file-modes #o600 + (write-file image-dired-db-file))) (kill-buffer buf) (file-exists-p image-dired-db-file)) (error "Could not create %s" image-dired-db-file))) @@ -2515,6 +2518,7 @@ when using per-directory thumbnail file storage")) (if (file-exists-p image-dired-gallery-dir) (if (not (file-directory-p image-dired-gallery-dir)) (error "Variable image-dired-gallery-dir is not a directory")) + ;; FIXME: Should we set umask to 077 here, as we do for thumbnails? (make-directory image-dired-gallery-dir)) ;; Open index file (with-temp-file index-file