From 56caf1c9b887ccbb6d35a95ca257f633bb71d1d3 Mon Sep 17 00:00:00 2001
From: Stefan Kangas <stefan@marxist.se>
Date: Sun, 24 Oct 2021 21:20:16 +0200
Subject: [PATCH] Use restrictive umask when creating image-dired data
* lisp/image-dired.el (image-dired-dir)
(image-dired-sane-db-file): Create thumbnail directory and
.image-dired_db with umask 077. This avoids creating world readable
copies of private data, and is in fact mandated by the Thumbnail
Managing Standard that we aim to support.
---
lisp/image-dired.el | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/lisp/image-dired.el b/lisp/image-dired.el
index 2af0c6654ec..e5fbfcf9278 100644
--- a/lisp/image-dired.el
+++ b/lisp/image-dired.el
@@ -538,7 +538,8 @@ Create the thumbnails directory if it does not exist."
(let ((image-dired-dir (file-name-as-directory
(expand-file-name image-dired-dir))))
(unless (file-directory-p image-dired-dir)
- (make-directory image-dired-dir t)
+ (with-file-modes #o700
+ (make-directory image-dired-dir t))
(message "Creating thumbnails directory"))
image-dired-dir))
@@ -1070,10 +1071,12 @@ Signal error if there are problems creating it."
(let (dir buf)
(unless (file-directory-p (setq dir (file-name-directory
image-dired-db-file)))
- (make-directory dir t))
+ (with-file-modes #o700
+ (make-directory dir t)))
(with-current-buffer (setq buf (create-file-buffer
image-dired-db-file))
- (write-file image-dired-db-file))
+ (with-file-modes #o600
+ (write-file image-dired-db-file)))
(kill-buffer buf)
(file-exists-p image-dired-db-file))
(error "Could not create %s" image-dired-db-file)))
@@ -2515,6 +2518,7 @@ when using per-directory thumbnail file storage"))
(if (file-exists-p image-dired-gallery-dir)
(if (not (file-directory-p image-dired-gallery-dir))
(error "Variable image-dired-gallery-dir is not a directory"))
+ ;; FIXME: Should we set umask to 077 here, as we do for thumbnails?
(make-directory image-dired-gallery-dir))
;; Open index file
(with-temp-file index-file
--
2.39.5