From 3e70541aed3c5ee2ed345ea94b2c61b36c44142d Mon Sep 17 00:00:00 2001
From: Juanma Barranquero
Date: Sat, 19 Sep 2009 14:56:04 +0000
Subject: [PATCH] This fixes bug#4197 (merged to bug#865, though not identical). * server.el (server-auth-dir): Add docstring note about FAT32. (server-ensure-safe-dir): Accept FAT32 directories as "safe", but warn against using them.
---
 lisp/ChangeLog | 8 ++++++++
 lisp/server.el | 35 ++++++++++++++++++++++++++++++-----
 2 files changed, 38 insertions(+), 5 deletions(-)
diff --git a/lisp/ChangeLog b/lisp/ChangeLog
index 7c3451d349f..8b15bd07573 100644
--- a/lisp/ChangeLog
+++ b/lisp/ChangeLog
@@ -1,3 +1,11 @@
+2009-09-19 Juanma Barranquero
+ Eli Zaretskii
+
+ This fixes bug#4197 (merged to bug#865, though not identical).
+ * server.el (server-auth-dir): Add docstring note about FAT32.
+ (server-ensure-safe-dir): Accept FAT32 directories as "safe",
+ but warn against using them.
+
 2009-09-19 Nick Roberts
 
 * progmodes/gdb-mi.el (gdb-var-update-handler-1): Include case of
diff --git a/lisp/server.el b/lisp/server.el
index f198ac83693..a1d0fbf32cf 100644
--- a/lisp/server.el
+++ b/lisp/server.el
@@ -113,7 +113,12 @@ If set, the server accepts remote connections; otherwise it is local."
 (put 'server-host 'risky-local-variable t)
 
 (defcustom server-auth-dir (locate-user-emacs-file "server/")
- "Directory for server authentication files."
+ "Directory for server authentication files.
+
+NOTE: On FAT32 filesystems, directories are not secure;
+files can be read and modified by any user or process.
+It is strongly suggested to set `server-auth-dir' to a
+directory residing in a NTFS partition instead."
 :group 'server
 :type 'directory
 :version "22.1")
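Review bot: The docstring note added to `server-auth-dir` says FAT32 directories are not secure but does not say what Emacs does when one is configured. Per the `server-ensure-safe-dir` change in this same commit, such a directory is still accepted after a warning, so a reader could wrongly assume the setting is enforced. A closing sentence such as `Emacs still uses such a directory, but displays a warning.` would make that explicit. Separately, `a NTFS partition` should read `an NTFS partition`.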
@@ -453,11 +458,31 @@ Creates the directory if necessary and makes sure:
 (unless attrs
 (letf (((default-file-modes) ?\700)) (make-directory dir t))
 (setq attrs (file-attributes dir 'integer)))
+
 ;; Check that it's safe for use.
- (unless (and (eq t (car attrs)) (eql (nth 2 attrs) (user-uid))
- (or (eq system-type 'windows-nt)
- (zerop (logand ?\077 (file-modes dir)))))
- (error "The directory %s is unsafe" dir))))
+ (let* ((uid (nth 2 attrs))
+ (w32 (eq system-type 'windows-nt))
+ (safe (catch :safe
+ (unless (eq t (car attrs)) ; is a dir?
+ (throw :safe nil))
+ (when (and w32 (zerop uid)) ; on FAT32?
+ (display-warning
+ 'server
+ (format "Using `%s' to store Emacs-server authentication files.
+Directories on FAT32 filesystems are NOT secure against tampering.
+See variable `server-auth-dir' for details."
+ (file-name-as-directory dir))
+ :warning)
+ (throw :safe t))
+ (unless (eql uid (user-uid)) ; is the dir ours?
+ (throw :safe nil))
+ (when w32 ; on NTFS?
+ (throw :safe t))
+ (unless (zerop (logand ?\077 (file-modes dir)))
+ (throw :safe nil))
+ t)))
+ (unless safe
+ (error "The directory `%s' is unsafe" dir)))))
 
 ;;;###autoload
 (defun server-start (&optional leave-dead)
-- 
2.39.5
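Review bot: The `(when (and w32 (zerop uid)) ...)` branch throws `:safe t` before the ownership comparison runs, so on `windows-nt` any directory whose owner is reported as uid 0 is accepted for the server authentication files, and the only signal is a `display-warning` that can go unnoticed. The basis for treating uid 0 as FAT32 is not visible in the hunk beyond the `; on FAT32?` remark. A comment such as `;; uid 0 under windows-nt is taken to mean a volume with no ownership data (FAT32); ownership and modes cannot be checked there` would record the assumption, and it is worth confirming that no NTFS directory can also report 0. Consider making this acceptance opt-in rather than the default, since the function no longer guarantees what its name says on that path. The docstring's "makes sure:" list begins outside this hunk and should be updated to state the FAT32 exception.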