bug#15866: Gnutls elisp code doesn't properly check for file existence

unofficial mirror of bug-gnu-emacs@gnu.org 
 help / color / mirror / code / Atom feed

From: Ted Zlatanov <tzz@lifelogs.com>
To: <emacs@kosowsky.org>
Cc: 15866@debbugs.gnu.org
Subject: bug#15866: Gnutls elisp code doesn't properly check for file existence
Date: Tue, 12 Nov 2013 14:41:20 -0500	[thread overview]
Message-ID: <87mwl9h0gv.fsf@flea.lifelogs.com> (raw)
In-Reply-To: <21122.28580.612896.572445@consult.pretender> (emacs@kosowsky.org's message of "Tue, 12 Nov 2013 13:12:52 -0500")

On Tue, 12 Nov 2013 13:12:52 -0500 <emacs@kosowsky.org> wrote: 

> Eli Zaretskii wrote at about 19:48:18 +0200 on Tuesday, November 12, 2013:
>> > Date: Mon, 11 Nov 2013 19:20:08 -0500
>> > From: "" <emacs@kosowsky.org>
>> > 
>> > i]  If the function 'expand-file-name' has an associated magic file
>> >     handler, the function expand-file-name is called to convert it "to
>> >     absolute, and canonicalize it" (quoted from the function
>> >     definition).
>> > 
>> > ii] The test for file-exists-p is then wrapped in a 'let' construct
>> > 	with file-name-handler-alist set to nil. This effectively shuts
>> > 	off magic file handling and ensures that file-exists-p now checks
>> > 	for true OS existence of the now potentially expanded path.
>> > 
>> > iii]The function gnutls-trustfiles is now assured that it will be
>> >     passed an OS-valid path.
>> 
>> Thanks.
>> 
>> As I wrote elsewhere, I agree that gnutls.el should ignore file
>> handlers when it looks for certificate files.
>> 
>> But then _not_ ignoring the expand-file-name handler makes little
>> sense to me: the result could exist as a local file name that has no
>> relation whatsoever to certificates, which will again fail in strange
>> ways inside the GnuTLS library.
>> 
>> So I think we should do ii], but not i].

> As I mentioned many times, I would find that an acceptable even if
> minimal and non-ideal (for me) solution - provided that it also were
> documented in the elisp file and probably also in the
> gnutls-trustfiles variable that magic file handling is shut off for
> this variable. I am ok with that.

Great.  Could you test and submit the patch with just that piece [ii]
and I'll commit it, then add the documentation?

> I also think that the following two usability messages should be
> added:
> 1. Warning message (but perhaps not error) triggered if no elements of
>    gnutls-trustfiles are valid files

Good idea, I'll add it with the docs.

> 2. Trapping of error if for some reason file-exists-p shows the file
>    to exist but for some reason gnutls still can't access it.

I'm not sure this should be trapped at that level.  It feels like
something that should be bounced up to the user, as it could indicate
serious system problems or some suspicious (possibly malicious)
tinkering with the file calls.

>> Btw, I think many Emacs packages don't make sense with remote files,
>> so they should also ignore file handlers.  IOW, this is not specific
>> to gnutls.el.

Right, hence my concern about doing these fixes just for gnutls.el.  It
seems like a general problem.

Ted

next prev parent reply	other threads:[~2013-11-12 19:41 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-11-12  0:20 bug#15866: Gnutls elisp code doesn't properly check for file existence emacs
2013-11-12 17:48 ` Eli Zaretskii
2013-11-12 18:12   ` emacs
2013-11-12 19:41     ` Ted Zlatanov [this message]
2013-11-12 19:52   ` Michael Albinus
2013-11-12 20:27     ` Stefan Monnier
2014-12-07 20:17       ` Lars Magne Ingebrigtsen
2014-12-07 21:08         ` Eli Zaretskii
2014-12-07 21:15           ` Lars Magne Ingebrigtsen
2014-12-08  3:32             ` Eli Zaretskii
2014-12-08  7:40               ` Michael Albinus
2014-12-08 18:14               ` Lars Magne Ingebrigtsen
2014-12-08  7:34         ` Michael Albinus
2013-11-12 20:02   ` Stefan Monnier
2013-11-16 23:34     ` Ted Zlatanov
2013-11-17  1:51       ` Stefan Monnier

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://www.gnu.org/software/emacs/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87mwl9h0gv.fsf@flea.lifelogs.com \
    --to=tzz@lifelogs.com \
    --cc=15866@debbugs.gnu.org \
    --cc=emacs@kosowsky.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/emacs.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).