From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Paul Eggert Newsgroups: gmane.emacs.bugs Subject: bug#12632: file permissions checking mishandled when setuid Date: Mon, 22 Oct 2012 18:46:56 -0700 Organization: UCLA Computer Science Department Message-ID: <5085F710.5050102@cs.ucla.edu> References: <5078CAB6.7020509@cs.ucla.edu> <83sj9g4vy7.fsf@gnu.org> <507BAA6C.2000601@cs.ucla.edu> <83lif74p78.fsf@gnu.org> <507C823D.40304@cs.ucla.edu> <83d30j3wqg.fsf@gnu.org> <507CF802.6000305@cs.ucla.edu> <83a9vm4bmv.fsf@gnu.org> <50818763.80501@cs.ucla.edu> <83wqymz4me.fsf@gnu.org> <5081A1DF.9000009@cs.ucla.edu> <5081ABD6.9060002@cs.ucla.edu> <23r4osd2f9.fsf@fencepost.gnu.org> <50836366.6080600@cs.ucla.edu> <5084E1B2.2020105@cs.ucla.edu> <83ipa2ctl2.fsf@gnu.org> <5085AD9E.7040701@cs.ucla.edu> <838vaycj65.fsf@gnu.org> <5085BB01.2030402@cs.ucla.edu> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Trace: ger.gmane.org 1350956841 11372 80.91.229.3 (23 Oct 2012 01:47:21 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Tue, 23 Oct 2012 01:47:21 +0000 (UTC) Cc: 12632@debbugs.gnu.org To: Stefan Monnier Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Tue Oct 23 03:47:29 2012 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1TQTaW-0005XQ-WD for geb-bug-gnu-emacs@m.gmane.org; Tue, 23 Oct 2012 03:47:25 +0200 Original-Received: from localhost ([::1]:38669 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1TQTaP-0002KY-A7 for geb-bug-gnu-emacs@m.gmane.org; Mon, 22 Oct 2012 21:47:17 -0400 Original-Received: from eggs.gnu.org ([208.118.235.92]:44362) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1TQTaM-0002KS-DN for bug-gnu-emacs@gnu.org; Mon, 22 Oct 2012 21:47:15 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1TQTaL-0003e4-Be for bug-gnu-emacs@gnu.org; Mon, 22 Oct 2012 21:47:14 -0400 Original-Received: from debbugs.gnu.org ([140.186.70.43]:46299) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1TQTaL-0003e0-85 for bug-gnu-emacs@gnu.org; Mon, 22 Oct 2012 21:47:13 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.72) (envelope-from ) id 1TQTc6-00064u-8U for bug-gnu-emacs@gnu.org; Mon, 22 Oct 2012 21:49:02 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Paul Eggert Original-Sender: debbugs-submit-bounces@debbugs.gnu.org Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Tue, 23 Oct 2012 01:49:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 12632 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: security patch Original-Received: via spool by 12632-submit@debbugs.gnu.org id=B12632.135095694023356 (code B ref 12632); Tue, 23 Oct 2012 01:49:02 +0000 Original-Received: (at 12632) by debbugs.gnu.org; 23 Oct 2012 01:49:00 +0000 Original-Received: from localhost ([127.0.0.1]:56550 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from ) id 1TQTc2-00064e-5O for submit@debbugs.gnu.org; Mon, 22 Oct 2012 21:48:59 -0400 Original-Received: from smtp.cs.ucla.edu ([131.179.128.62]:58694) by debbugs.gnu.org with esmtp (Exim 4.72) (envelope-from ) id 1TQTbz-00064Q-N2 for 12632@debbugs.gnu.org; Mon, 22 Oct 2012 21:48:57 -0400 Original-Received: from localhost (localhost.localdomain [127.0.0.1]) by smtp.cs.ucla.edu (Postfix) with ESMTP id 764A6A60009; Mon, 22 Oct 2012 18:47:00 -0700 (PDT) X-Virus-Scanned: amavisd-new at smtp.cs.ucla.edu Original-Received: from smtp.cs.ucla.edu ([127.0.0.1]) by localhost (smtp.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5Dffjlz9C4+R; Mon, 22 Oct 2012 18:47:00 -0700 (PDT) Original-Received: from [192.168.1.3] (pool-108-23-119-2.lsanca.fios.verizon.net [108.23.119.2]) by smtp.cs.ucla.edu (Postfix) with ESMTPSA id 023ADA60006; Mon, 22 Oct 2012 18:46:59 -0700 (PDT) User-Agent: Mozilla/5.0 (X11; Linux i686; rv:16.0) Gecko/20121011 Thunderbird/16.0.1 In-Reply-To: X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.13 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 2) X-Received-From: 140.186.70.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.bugs:65894 Archived-At: On 10/22/2012 05:40 PM, Stefan Monnier wrote: >>> We use IS_DIRECTORY_SEP in other places, so why avoid it here? >> > If it's not needed, it makes the code a bit harder to read. > I don't see why. The name says very clearly what it is intended to do. > On the contrary, it seems more clear than comparing with '/' which only > makes sense if you happen to know that / is the special char used as > directory-separator. Using IS_DIRECTORY_SEP indicates that it's necessary to process a file name using a system-dependent interpretation rather than the standard POSIX interpretation. When plain X=='/' would do, it can mislead the reader if the code does IS_DIRECTORY_SEP (X), as the reader may naturally (and mistakenly) infer that the code was written that way because it must treat '\' specially on Windows. It's primarily this clarity, not the brevity, that I was referring to.