From: Stefan Monnier Date: Sat, 12 Apr 2003 19:04:11 +0000 (+0000) Subject: (server-socket-name): Use new safe location for socket. X-Git-Tag: ttn-vms-21-2-B4~10532 X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=724629d2c2c796c1f831f33db6201f5f9f515a26;p=emacs.git (server-socket-name): Use new safe location for socket. (server-ensure-safe-dir): New fun. (server-start): Use it. (server-process-filter): Re-enable the -eval feature. --- diff --git a/lisp/server.el b/lisp/server.el index 39c183a3fc5..5256df44dd4 100644 --- a/lisp/server.el +++ b/lisp/server.el @@ -1,6 +1,6 @@ ;;; server.el --- Lisp code for GNU Emacs running as server process -;; Copyright (C) 1986, 87, 92, 94, 95, 96, 97, 98, 99, 2000, 2001, 2002 +;; Copyright (C) 1986,87,92,94,95,96,97,98,99,2000,01,02,2003 ;; Free Software Foundation, Inc. ;; Author: William Sommerfeld @@ -159,11 +159,8 @@ This means that the server should not kill the buffer when you say you are done with it in the server.") (make-variable-buffer-local 'server-existing-buffer) -;; Fixme: This doesn't look secure. If it really is, it deserves a -;; comment, but I'd expect it to be created in a protected subdir as -;; normal. -- fx (defvar server-socket-name - (format "/tmp/esrv%d-%s" (user-uid) + (format "/tmp/emacs%d-%s/server" (user-uid) (substring (system-name) 0 (string-match "\\." (system-name))))) (defun server-log (string &optional client) @@ -223,6 +220,22 @@ are done with it in the server.") (t " "))) arg t t)) +(defun server-ensure-safe-dir (dir) + "Make sure DIR is a directory with no race-condition issues. +Creates the directory if necessary and makes sure: +- there's no symlink involved +- it's owned by us +- it's not readable/writable by anybody else." + (setq dir (directory-file-name dir)) + (let ((attrs (file-attributes dir))) + (unless attrs + (letf (((default-file-modes) ?\700)) (make-directory dir)) + (setq attrs (file-attributes dir))) + ;; Check that it's safe for use. + (unless (and (eq t (car attrs)) (eq (nth 2 attrs) (user-uid)) + (zerop (logand ?\077 (file-modes dir)))) + (error "The directory %s is unsafe" dir)))) + ;;;###autoload (defun server-start (&optional leave-dead) "Allow this Emacs process to be a server for client processes. @@ -233,6 +246,8 @@ Emacs distribution as your standard \"editor\". Prefix arg means just kill any existing server communications subprocess." (interactive "P") + ;; Make sure there is a safe directory in which to place the socket. + (server-ensure-safe-dir (file-name-directory server-socket-name)) ;; kill it dead! (condition-case () (delete-process server-process) (error nil)) ;; Delete the socket files made by previous server invocations. @@ -271,7 +286,6 @@ Server mode runs a process that accepts commands from the ;; Fixme: Should this check for an existing server socket and do ;; nothing if there is one (for multiple Emacs sessions)? (server-start (not server-mode))) -(custom-add-version 'server-mode "21.4") (defun server-process-filter (proc string) "Process a request from the server to edit some files. @@ -296,13 +310,11 @@ PROC is the server process. Format of STRING is \"PATH PATH PATH... \\n\"." (setq string (substring string (match-end 0))) (setq client (cons proc nil)) (while (string-match "[^ ]* " request) - (let ((arg (substring request (match-beginning 0) (1- (match-end 0)))) - (pos 0)) + (let ((arg (substring request (match-beginning 0) (1- (match-end 0))))) (setq request (substring request (match-end 0))) (cond ((equal "-nowait" arg) (setq nowait t)) -;;; This is not safe unless we make sure other users can't send commands. -;;; ((equal "-eval" arg) (setq eval t)) + ((equal "-eval" arg) (setq eval t)) ((and (equal "-display" arg) (string-match "\\([^ ]*\\) " request)) (let ((display (server-unquote-arg (match-string 1 request)))) (setq request (substring request (match-end 0)))