bug#11912: 24.1; 'M' in Dired on a symlink does not refresh the display

[Paul Eggert <eggert@cs.ucla.edu>]

[-- Attachment #1: Type: text/plain, Size: 1130 bytes --]

On 8/24/21 8:40 AM, Lars Ingebrigtsen wrote:

> I'm surprised that the `M' command even tries to do the chmod on the
> symlink.

Unfortunately the M command doesn't know in advance whether chmod will 
work on the symlink, as that is platform and filesystem dependent (this 
is in addition to the usual race-condition problem). So as a practical 
matter the M command must try the chmod and report the failure somehow. 
(Perhaps the reporting could be improved; I expect that's low priority.)

A few things:

* I neglected to document this behavior change, so I just now installed 
the attached to fix that oversight.

* Because of this behavior change, the example Eli gives at the start of 
Bug#11912 is now obsolete, as the bug has been fixed in a different way. 
However, as Eli mentioned, there are other commands (like 'O') where the 
bug is still present.

* And this suggests that some longstanding security and other bugs 
remain in this area. I plan to file more bug reports that will cite 
Bug#11912. If the other bugs are fixed, then Bug#11912 should be 
completely obsolete and can be closed.

[-- Attachment #2: 0001-Doc-that-dired-do-chmod-no-longer-follows-symlinks.patch --]
[-- Type: text/x-patch, Size: 1764 bytes --]

From 2c8657f4f63e6d2b6e1d0866dd597bc85b422430 Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Tue, 24 Aug 2021 10:15:43 -0700
Subject: [PATCH] Doc that dired-do-chmod no longer follows symlinks

* doc/emacs/dired.texi (Operating on Files):
* etc/NEWS: Document this security precaution.
---
 doc/emacs/dired.texi | 4 +++-
 etc/NEWS             | 6 ++++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/doc/emacs/dired.texi b/doc/emacs/dired.texi
index 680b20c593..e84ed0f7b6 100644
--- a/doc/emacs/dired.texi
+++ b/doc/emacs/dired.texi
@@ -823,7 +823,9 @@ Operating on Files
 Change the mode (also called @dfn{permission bits}) of the specified
 files (@code{dired-do-chmod}).  @var{modespec} can be in octal or
 symbolic notation, like arguments handled by the @command{chmod}
-program.
+program.  This command does not follow symbolic links, so it reports
+an error if you try to change the mode of a symbolic link on a
+platform where such modes are immutable.
 
 @findex dired-do-chgrp
 @kindex G @r{(Dired)}
diff --git a/etc/NEWS b/etc/NEWS
index 588290f433..07a78216b8 100644
--- a/etc/NEWS
+++ b/etc/NEWS
@@ -909,6 +909,12 @@ time zones will use a form like "+0100" instead of "CET".
 If non-nil, Dired will kill the current buffer when selecting a new
 directory to display.
 
++++
+*** Behavior change on 'dired-do-chmod'.
+As a security precaution, Dired's M command no longer follows symbolic
+links.  Instead, it changes the symbolic link's own mode; this always
+fails on platforms where such modes are immutable.
+
 ---
 *** Behavior change on 'dired-clean-confirm-killing-deleted-buffers'.
 Previously, if 'dired-clean-up-buffers-too' was non-nil, and
-- 
2.30.2