From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED!not-for-mail From: =?UTF-8?Q?=C3=86var_?= =?UTF-8?Q?Arnfj=C3=B6r=C3=B0?= Bjarmason Newsgroups: gmane.emacs.bugs Subject: bug#24478: 25.1; Regression in 25.1: .tramp_history files are littered in non-$HOME working directories Date: Mon, 10 Oct 2016 13:14:57 +0200 Message-ID: References: <8737kuan39.fsf@booking.com> <87zimzke24.fsf@gmx.de> <83int0ebfz.fsf@gnu.org> NNTP-Posting-Host: blaine.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Trace: blaine.gmane.org 1476098198 19974 195.159.176.226 (10 Oct 2016 11:16:38 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Mon, 10 Oct 2016 11:16:38 +0000 (UTC) Cc: Michael Albinus , Ted Zlatanov , 24478@debbugs.gnu.org To: Eli Zaretskii Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Mon Oct 10 13:16:29 2016 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from ) id 1btYZ5-0002LJ-02 for geb-bug-gnu-emacs@m.gmane.org; Mon, 10 Oct 2016 13:16:15 +0200 Original-Received: from localhost ([::1]:48896 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1btYZ3-0006g1-Jl for geb-bug-gnu-emacs@m.gmane.org; Mon, 10 Oct 2016 07:16:13 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:53736) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1btYYx-0006fk-7J for bug-gnu-emacs@gnu.org; Mon, 10 Oct 2016 07:16:08 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1btYYs-0005jF-Jp for bug-gnu-emacs@gnu.org; Mon, 10 Oct 2016 07:16:07 -0400 Original-Received: from debbugs.gnu.org ([208.118.235.43]:44359) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1btYYs-0005ix-GY for bug-gnu-emacs@gnu.org; Mon, 10 Oct 2016 07:16:02 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1btYYs-0003Ht-9S for bug-gnu-emacs@gnu.org; Mon, 10 Oct 2016 07:16:02 -0400 X-Loop: help-debbugs@gnu.org Resent-From: =?UTF-8?Q?=C3=86var_?= =?UTF-8?Q?Arnfj=C3=B6r=C3=B0?= Bjarmason Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Mon, 10 Oct 2016 11:16:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 24478 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: Original-Received: via spool by 24478-submit@debbugs.gnu.org id=B24478.147609813212598 (code B ref 24478); Mon, 10 Oct 2016 11:16:02 +0000 Original-Received: (at 24478) by debbugs.gnu.org; 10 Oct 2016 11:15:32 +0000 Original-Received: from localhost ([127.0.0.1]:50549 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1btYYN-0003H8-PE for submit@debbugs.gnu.org; Mon, 10 Oct 2016 07:15:32 -0400 Original-Received: from mail-qk0-f173.google.com ([209.85.220.173]:34633) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1btYYM-0003Gv-KH for 24478@debbugs.gnu.org; Mon, 10 Oct 2016 07:15:31 -0400 Original-Received: by mail-qk0-f173.google.com with SMTP id f128so84159576qkb.1 for <24478@debbugs.gnu.org>; Mon, 10 Oct 2016 04:15:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=7kC7VtJiwJOJU6JcFEHvtLucRtVyG4C8QuZqjMHmOUM=; b=BIN3eVBnAYyr43wm6ebHKXIaBNJj8oFcolIF69w09dmpQyR0mOPars9mkMO6wwKF76 BKZyYgkkC/tiYvZV1MFk037Id+xm49ppPbXZvS7TfxDG9Ng/cBgGeTkBhzpbAVOWOPNF YwmsFff52neRLKm6MZdn5TSYuu9qJTFfIb21lYLtKNAxVJp3DrbTBCPUotPat6aYpJI+ sJNROnrqznWN8SqjEMAEc53vyF9b+9bggx0ZahVfZz+pGC/6hWefKziZsRIuFZfl2RmQ eu3Nm+Ny3kMx00DgXpxENEyiuFQQSqCqqsj9GDewiCsQ9yXnjsP5vuPOkLUXcTFKuvPO lAsw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=7kC7VtJiwJOJU6JcFEHvtLucRtVyG4C8QuZqjMHmOUM=; b=Fl2WFiZiIPjtOLBExpxhUqSTca6XKb6rdOwW/ZaJst/jHQQeqYhvmiU4SrO6IQvpX3 jJQMUgpTWdDsfMPP5cts59ivCDbQZg282Q5rEVkG7IPMhQR6i2KVnKYYulugD9vyNuyK 10PrmApaxZNRLO2vFqokDiuQnoVuX2OweV/M56wcVgT5bacLfYuzc5S6R2wthOFf1N0G L5TUwx200IoFQuGyzMnK+129RZdxOb8BcQfbX7naOqEdUdrLosqSNrJ9pbHwnlu7nxyV m32btdW3YhH8/fKuqr2Ts+HOR9tJAL4pTXa9ydLUNrGkqQNh1bNHKY57FgzWyyElgFc3 VEIg== X-Gm-Message-State: AA6/9RlFpi9IXZJC6Ob7HQS7UhrbOf+ComTTb4G+cyf8CM2f/yufxGlgj2yezRCRrttPUMfv9ROi2tV4DCGezw== X-Received: by 10.55.182.4 with SMTP id g4mr29149774qkf.120.1476098117751; Mon, 10 Oct 2016 04:15:17 -0700 (PDT) Original-Received: by 10.55.87.133 with HTTP; Mon, 10 Oct 2016 04:14:57 -0700 (PDT) In-Reply-To: <83int0ebfz.fsf@gnu.org> X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 208.118.235.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: "bug-gnu-emacs" Xref: news.gmane.org gmane.emacs.bugs:124297 Archived-At: On Mon, Oct 10, 2016 at 12:38 PM, Eli Zaretskii wrote: >> From: Michael Albinus >> Date: Thu, 22 Sep 2016 20:02:59 +0200 >> Cc: =C3=86var Arnfj=C3=B6r=C3=B0 Bjarmason , >> 24478@debbugs.gnu.org >> >> =C3=86var Arnfj=C3=B6r=C3=B0 Bjarmason writes: >> >> Hi, >> >> > There's a regression in 25.1 introduced by 1e04ea9 (although that seem= s >> > to also have fixed an issue): Now tramp-histfile-override is set to >> > ".tramp_history", which is good, but I would expect it to be created i= n >> > $HOME on remote hosts. >> > >> > Instead when I e.g.: >> > >> > 1. C-x C-f //ssh::/usr/local/git_tree/sysadmin/ >> > 2. Run e.g. magit to make a commit >> > 3. I end up with: >> > >> > $ echo $PWD/.tramp_history >> > /usr/local/git_tree/sysadmin/.tramp_history >> > $ wc -l !$ >> > wc -l $PWD/.tramp_history >> > 34 /usr/local/git_tree/sysadmin/.tramp_history >> >> Most of the shells I know off use the home directory, when you specify >> just the relative file name ".tramp_history". >> >> > From reading https://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D20446 and >> > https://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D19731#56 this seems li= ke >> > an unintended bug. >> > >> > Just setting: >> > >> > (setq tramp-histfile-override "~/.tramp_history") >> > >> > Works for me. Now it's always created in ~. >> >> I have thought about this, when I was fixing bug#19731. Unfortunately, >> there exist shells which cannot expand "~/". Other shells cannot expand >> "$HOME/". So I really don't know a robust default we could offer. >> >> Maybe one should give this problem more emphasis in the Tramp >> manual. But who reads manuals? > > Michael, does the above mean this bug should be closed as wontfix? It > currently blocks a release, so I'd like to resolve this some way soon. I'm the reporter, so I obviously have a dog in this fight, but I don't think that makes sense. This whole facility introduced in the emacs-25 series still seems really broken since its introduction, and the various regressions reported have just resulted in other regressions taking their place, the latest one being discussed in this ticket. Here's a Git history showing the back & forth this has gone through: git log --reverse -p -Gtramp-histfile-override -- 'lisp/net/*tramp*.el' I might have read those commits incorrectly, but it seems to me that: * In emacs-24 there was no way to have a Tramp history file, we'd just specify a HISTFILE=3D/dev/null environment variable. * 9be1538 added an option to change that, so you could have a history file as a file, defaulting to /dev/null, but they way it was implemented caused it to unlink /dev/null, as reported in https://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D19731 * So Michael patched it to make 'unset an option, which was implemented in 6f8372d, as far as I can tell at this point the facility worked the way it did in emacs-24 again. I.e. no history by default, but no regression with unlinking /dev/null * 'unset was made the default by Michael in 954ca0f, but just a few hours later this was set to t instead in c10828b, which does the same thing as 'unset according to the commit message. I.e. just an internal refactoring. This was followed-up by 24fa4ff to refactor it some more. * It was then changed from t to ".tramp_history" in 1e04ea9. The commit message says to fix https://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D20446 but I don't see how it could eat the bash history if it's set to not have any history file by default. * Now because it's ".tramp_history" and not "~/.tramp_history" it gets created in random non-~ directories you open with tramp, but more importantly, and I didn't realize this in my initial report, the shell history *might be shared between multiple users*, which seems like a bad security issue. It seems to me that the best solution to this whole problem is to set it to "t" again which would return to the non-history days of emacs-24, since apparently using ~ can't be counted on. In addition, depending on the bug with history potentially being shared between users now that it's being dumped in random potentially shared FS directories they open with tramp, changing this to ".tramp_history" might have caused a security issue worth of a CVE, but I haven't investigated that, but we *certainly* went from no history by default in emacs-24 to history littered in potentially world readable directories in emacs-25. The permissions on the file itself might have mitigated data leakage in some cases, but in those cases it would have blocked other Emacs users from recording their shell history. In addition not all remote FSs tramp supports working with can be relied upon to obey HISTFILE permissions.