From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Gustavo Barros Newsgroups: gmane.emacs.bugs Subject: bug#58781: 28.2; move-file-to-trash may move file across filesystems Date: Tue, 25 Oct 2022 17:00:37 -0300 Message-ID: Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="19931"; mail-complaints-to="usenet@ciao.gmane.io" To: 58781@debbugs.gnu.org Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Tue Oct 25 22:04:41 2022 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1onQAD-0004xB-1j for geb-bug-gnu-emacs@m.gmane-mx.org; Tue, 25 Oct 2022 22:04:41 +0200 Original-Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1onQ6o-0001wd-VU; Tue, 25 Oct 2022 16:01:11 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1onQ6i-0001YY-BD for bug-gnu-emacs@gnu.org; Tue, 25 Oct 2022 16:01:05 -0400 Original-Received: from debbugs.gnu.org ([209.51.188.43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1onQ6g-0000j9-EJ for bug-gnu-emacs@gnu.org; Tue, 25 Oct 2022 16:01:03 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1onQ6g-0004zf-8n for bug-gnu-emacs@gnu.org; Tue, 25 Oct 2022 16:01:02 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Gustavo Barros Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Tue, 25 Oct 2022 20:01:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 58781 X-GNU-PR-Package: emacs X-Debbugs-Original-To: bug-gnu-emacs@gnu.org Original-Received: via spool by submit@debbugs.gnu.org id=B.166672805819175 (code B ref -1); Tue, 25 Oct 2022 20:01:02 +0000 Original-Received: (at submit) by debbugs.gnu.org; 25 Oct 2022 20:00:58 +0000 Original-Received: from localhost ([127.0.0.1]:52464 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1onQ6c-0004zC-7e for submit@debbugs.gnu.org; Tue, 25 Oct 2022 16:00:58 -0400 Original-Received: from lists.gnu.org ([209.51.188.17]:44696) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1onQ6a-0004z5-8K for submit@debbugs.gnu.org; Tue, 25 Oct 2022 16:00:56 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1onQ6Z-0001PH-SZ for bug-gnu-emacs@gnu.org; Tue, 25 Oct 2022 16:00:55 -0400 Original-Received: from mail-pg1-x534.google.com ([2607:f8b0:4864:20::534]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1onQ6Y-0000gd-7u for bug-gnu-emacs@gnu.org; Tue, 25 Oct 2022 16:00:55 -0400 Original-Received: by mail-pg1-x534.google.com with SMTP id g129so10941232pgc.7 for ; Tue, 25 Oct 2022 13:00:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=ZRVZ/i7RBwu6mrlCP0oMaiiQGSlasFpCAVhKdL+/6/g=; b=m+8xOefeGgwOtBG/4JGhMp/SHd2wgkGbAzbvwBPxraTSN73pfSESZ1bwpE6OHKxdnH pg9+7nzzcD4ffronyWUpTbZs0nZg8R0n73EMMV/UgmO1dOyBc7oDAFU2C0uwEoftOcfG vy4mqEPeQixpHsZUw/cJNUhyFWMAkVEQ4NOjhELb/pM4AlNIKiLOyo7ZTEqOr+YK9/dG vwB38aNKSlUPqD9Wvd7Ryv2nitMW5oETDXZJoZRjE08rqnw3y8vRbBg2V80W80lcvfYn Z9mmbOSSI+0HNyX6c1NGWo+BCwur6LTEWtwRTDy98rpZnF3BYkL6sEaxjqO+Zc0TZOib 02cw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=ZRVZ/i7RBwu6mrlCP0oMaiiQGSlasFpCAVhKdL+/6/g=; b=msvZroeclSrXWQCHYUTkO5r382lio/RkbyBQis+WdfIcmWQD8BaoBa2mC7jsAGRF5g llgLi4CMyRve65aN2lfzLZN0/AVQ/Oym06FoOwknFYnobAIwH6Iqr/4jpYZnCCjr67ry aXZy30laBqWADz1nf33FGH1UTNmYAruWpTyR+EmX3bDaleIIWbHMRjRA9NrTu/tiIkyo T+s8HdxnVI8wcgPRmKt9qmY5BNf+rJ8IK2rFTSR0+90DnF0DcwXy4fVzhisxmOlzXLF/ XHFDFtkze8xOApn7GQ45U0pmxi+u2HRsYedIt3ROGrTmve16jj+C5fTE0fm7YLJliLWD CN5Q== X-Gm-Message-State: ACrzQf0N/mKv+bAIFTX3W48JNky8iMOvenVG8s5MatQyfGxsKY2ZVCl+ pJnTeaKRbO95vc3q4qP1lYZICDA7ju0bIRWHNLZfW/0wK3c9bQ== X-Google-Smtp-Source: AMsMyM5DY4fyF/ybWou2UiYP50Outur9a3J1jb093wuS37EF1gbHTV7FeE83rYN/wkLLJwQFNwM60Yw1TbeDKotms6o= X-Received: by 2002:a05:6a00:3249:b0:565:fc2c:ad79 with SMTP id bn9-20020a056a00324900b00565fc2cad79mr40081380pfb.72.1666728049135; Tue, 25 Oct 2022 13:00:49 -0700 (PDT) Received-SPF: pass client-ip=2607:f8b0:4864:20::534; envelope-from=gtvbrs@gmail.com; helo=mail-pg1-x534.google.com X-Spam_score_int: -10 X-Spam_score: -1.1 X-Spam_bar: - X-Spam_report: (-1.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HK_RANDOM_ENVFROM=0.999, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Original-Sender: "bug-gnu-emacs" Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Xref: news.gmane.io gmane.emacs.bugs:246171 Archived-At: Hi All, I'm trying to investigate bug#58721 (https://lists.gnu.org/archive/html/bug-gnu-emacs/2022-10/msg01987.html), couldn't figure it out yet, but in the process of doing so, I've found another issue. Namely, that `move-file-to-trash' may move the file across filesystems with some undesired implications, including potential security risk. This happens because, for the case using the freedesktop.org method, in setting trash directory, the procedure is the following: (xdg-data-dir (directory-file-name (expand-file-name "Trash" (or (getenv "XDG_DATA_HOME") "~/.local/share")))) There's no provision to check whether `xdg-data-dir' belongs to the same filesystem (partition) as the file being moved there. As a result, the `move-file-to-trash' may move the file across filesystems. Indeed, I've tested it and, if you are trashing a file from a different partition, it ends in "~/.local/share" regardless. This is a problem for at least two reasons. First, what should be a cheap operation, a simple "rename", can become very costly if what is being trashed is large, because now the file has to be physically moved. Second, it may be a security risk. It certainly is for my setup, for example. It involves two partitions, one for the operating system, unencrypted, which includes "/home/username/", and another one, luks encrypted, where I keep my user files, and which is symlinked to "/home/username/". So, trashing a file from dired, with such a setup, results in the files being stored unencrypted, when they shouldn't. I wouldn't say there's nothing much peculiar in this setup, it is certainly legitimate. I'm not sure what's the standard expected behavior (I suppose the freedesktop.org specs for it). But my distro's file manager (which happens to be `nemo' from Linux Mint) certainly does not do that. It sends such files to a different trash directory at the root of the other partition's mount point. Best regards, Gustavo.