This fixes bug#4197 (merged to bug#865, though not identical).

* server.el (server-auth-dir): Add docstring note about FAT32. (server-ensure-safe-dir): Accept FAT32 directories as "safe", but warn against using them.
2026-01-30 04:10:54 -08:00 · 2009-09-19 14:56:04 +00:00 · 2009-09-19 14:56:04 +00:00 · 3e70541aed
commit 3e70541aed
parent d443acd9b1
2 changed files with 38 additions and 5 deletions
--- a/lisp/ChangeLog
+++ b/lisp/ChangeLog
@ -1,3 +1,11 @@
+2009-09-19  Juanma Barranquero  <lekktu@gmail.com>
+	    Eli Zaretskii  <eliz@gnu.org>
+
+	This fixes bug#4197 (merged to bug#865, though not identical).
+	* server.el (server-auth-dir): Add docstring note about FAT32.
+	(server-ensure-safe-dir): Accept FAT32 directories as "safe",
+	but warn against using them.
+
 2009-09-19  Nick Roberts  <nickrob@snap.net.nz>

 	* progmodes/gdb-mi.el (gdb-var-update-handler-1): Include case of
--- a/lisp/server.el
+++ b/lisp/server.el
@ -113,7 +113,12 @@ If set, the server accepts remote connections; otherwise it is local."
 (put 'server-host 'risky-local-variable t)

 (defcustom server-auth-dir (locate-user-emacs-file "server/")
-  "Directory for server authentication files."
+  "Directory for server authentication files.
+
+NOTE: On FAT32 filesystems, directories are not secure;
+files can be read and modified by any user or process.
+It is strongly suggested to set `server-auth-dir' to a
+directory residing in a NTFS partition instead."
  :group 'server
  :type 'directory
  :version "22.1")
@ -453,11 +458,31 @@ Creates the directory if necessary and makes sure:
    (unless attrs
      (letf (((default-file-modes) ?\700)) (make-directory dir t))
      (setq attrs (file-attributes dir 'integer)))
+
    ;; Check that it's safe for use.
-    (unless (and (eq t (car attrs)) (eql (nth 2 attrs) (user-uid))
-                 (or (eq system-type 'windows-nt)
-                     (zerop (logand ?\077 (file-modes dir)))))
-      (error "The directory %s is unsafe" dir))))
+    (let* ((uid (nth 2 attrs))
+	   (w32 (eq system-type 'windows-nt))
+	   (safe (catch :safe
+		   (unless (eq t (car attrs))   ; is a dir?
+		     (throw :safe nil))
+		   (when (and w32 (zerop uid))  ; on FAT32?
+		     (display-warning
+		      'server
+		      (format "Using `%s' to store Emacs-server authentication files.
+Directories on FAT32 filesystems are NOT secure against tampering.
+See variable `server-auth-dir' for details."
+			      (file-name-as-directory dir))
+		      :warning)
+		     (throw :safe t))
+		   (unless (eql uid (user-uid)) ; is the dir ours?
+		     (throw :safe nil))
+		   (when w32                    ; on NTFS?
+		     (throw :safe t))
+		   (unless (zerop (logand ?\077 (file-modes dir)))
+		     (throw :safe nil))
+		   t)))
+      (unless safe
+	(error "The directory `%s' is unsafe" dir)))))

 ;;;###autoload
 (defun server-start (&optional leave-dead)