11414 – xemacs-packages dir by default 777

Bug 11414 - xemacs-packages dir by default 777

Summary: xemacs-packages dir by default 777

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Red Hat Powertools
Classification:	Retired
Component:	xemacs
Sub Component:
Version:	6.2
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Ngo Than
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2000-05-15 08:45 UTC by Vladimir Vukicevic
Modified:	2008-05-01 15:37 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2000-05-15 16:15:08 UTC
Embargoed:

Attachments	(Terms of Use)

Description Vladimir Vukicevic 2000-05-15 08:45:35 UTC

XEmacs 21 (and up) includes support for an automatic package installing
system. The problem is that, by default, /usr/lib/xemacs/xemacs-packages
is installed with mode 777, thus allowing any user to upgrade packages --
but also to introduce any trojan horses or any other such things,
especially on shared systems.

Since xemacs is so complex, this can be exploited in many ways (i.e.
hacking term.el or shell.el to save passwords, etc.)

Comment 1 Trond Eivind Glomsrxd 2000-07-12 15:28:19 UTC

This was fixed at some point. Thanks.

Note You need to log in before you can comment on or make changes to this bug.