From: 積丹尼 Dan Jacobson
Newsgroups: gmane.emacs.bugs
Subject: bug#16984: dired-do-rename susceptible to .../~/... hijack
Date: Tue, 11 Mar 2014 02:10:07 +0800
Message-ID: <87eh2aq60w.fsf@jidanni.org>
To: 16984@debbugs.gnu.org

R runs the command dired-do-rename, which is an interactive autoloaded
compiled Lisp function in `dired-aux.el'.

Using it, I got this strange error:

Move `/home/jidanni/.cpanm/work/1327389327.6650' to `/tmp/1327389327.6650' failed: (file-error Opening output file permission denied /home/jidanni/perl5/lib/perl5/i486-linux-gnu-thread-multi-64int/.meta/accessors-1.01/MYMETA.json)

Well it turns out emacs' file name simplifying rules are being applied
in inappropriate places like when encountering

/home/jidanni/.cpanm/work/1327389327.6650/accessors-1.01/~/perl5/lib/perl5/i486-linux-gnu-thread-multi-64int/.meta/accessors-1.01:
total 16
drwxr-xr-x 2 jidanni 4096 2012-01-24 .
drwxr-xr-x 3 jidanni 4096 2012-01-24 ..
-r--r--r-- 1 jidanni 1374 2012-01-24 MYMETA.json
-r--r--r-- 1 jidanni  456 2012-01-24 install.json

One must use /bin/mv and not dired-do-rename to get the job done right.
One can even think of ways the bad guys could exploit this to chip away
at arbitrary files.

$ apt-cache policy emacs-snapshot
emacs-snapshot:
  Installed: 2:20140101-1
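
Added example, not part of the original report and not Emacs code: a Python model of the simplification the report describes, plus a pre-flight check that lists every entry under a tree whose name would be redirected by it. The rule is inferred from the two paths quoted in the report; the function names are hypothetical and the sample tree is constructed.

```python
import os
import tempfile


def simplify_like_report(path, home):
    """Model (an assumption, not Emacs source) of the rule seen in the report:
    everything up to the last literal "~" component is dropped and the
    remainder is resolved against the home directory."""
    parts = path.split("/")
    tildes = [i for i, part in enumerate(parts) if part == "~" and i > 0]
    if not tildes:
        return path
    return os.path.join(home, *parts[tildes[-1] + 1:])


def hijackable_entries(root, home):
    """Return sorted (literal, simplified) pairs for every entry under root
    that the modelled rule would point somewhere other than where it lives."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            literal = os.path.join(dirpath, name)
            simplified = simplify_like_report(literal, home)
            if simplified != literal:
                hits.append((literal, simplified))
    return sorted(hits)


def build_sample_tree(base):
    """Constructed sample shaped like the tree in the report (shortened)."""
    work = os.path.join(base, "work", "1327389327.6650")
    meta = os.path.join(work, "accessors-1.01", "~", "perl5", ".meta")
    os.makedirs(meta)
    for name in ("MYMETA.json", "install.json"):
        with open(os.path.join(meta, name), "w") as fh:
            fh.write("{}\n")
    return work


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        work = build_sample_tree(base)
        # Any output here means a literal "~" directory exists in the tree and
        # a tool applying this rule would touch files under the real home.
        for literal, simplified in hijackable_entries(work, "/home/jidanni"):
            print(literal, "->", simplified)
```

Applied to the source path from the report, the model yields exactly the path named in the file-error message.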