From: "Stefan Monnier" <monnier+gnu/emacs@rum.cs.yale.edu>
Cc: Stefan Monnier <monnier+gnu/emacs@rum.cs.yale.edu>, emacs-devel@gnu.org
Subject: Re: Dangerous: delete-file deletes current directory as root!!
Date: Sat, 12 Oct 2002 14:24:30 -0400
Message-ID: <200210121824.g9CIOVu19938@rum.cs.yale.edu>
In-Reply-To: E1809eD-00052o-00@pot.cnuce.cnr.it

> > Now, I'm not sure what `delete-file' should do.  Should it mimic `unlink'
> > or should it first check that it is not called on a directory ?
> Definitely the second one.

Do you mean it for all cases, or only for interactive use ?

> > Since the check would only be needed for `root' and since I don't
> > think that people should be running Emacs under root unless they really
> > mean it, I think the current code is fine.
> 
> I really mean it, but that's not a reason why I should ruin my file
> system by simply making a trivial mistake, that is:
> 
> M-x delete-file RET
> 
> or worse, as it happened to me:
> 
> M-x <up> RET
> 
> > Maybe we should pop up a warning message when Emacs is started
> > as root, reminding them that it can be dangerous ?
> 
> It should be no more dangerous than running a shell as root.

You say "I really mean it" but obviously you're not aware of the dangers
since you think it's no more dangerous than running a shell.  You don't
realize the amount of code Emacs uses for the simplest operations
and how many hooks and tricks it provides, all of them designed for
the user's convenience but with very little thought given to the
security implications or to the case when the user is root (and
can thus do things that would normally fail, as in your case).

Most of Emacs' elisp code is written along the lines of "let's
take care of the expected case and we'll fix the other cases
when we bump into them".

All the shells I know have been written by people who do have
security and "user might be root" in mind at least some of the
time.  So it really cannot be compared.


	Stefan
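
The "first check that it is not called on a directory" option from the quoted text, as an added C example that is not part of this message or of Emacs's code. `checked_unlink` and `demo` are hypothetical names, and the files under /tmp are constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: unlink PATH only if it is not a directory.
   Returns 0 on success, -1 with errno set on failure. */
int checked_unlink(const char *path)
{
    struct stat st;
    /* lstat, not stat: a symlink that points at a directory is itself
       not a directory and can be removed without touching its target. */
    if (lstat(path, &st) != 0)
        return -1;
    if (S_ISDIR(st.st_mode)) {
        errno = EISDIR;          /* refuse, whatever the caller's uid */
        return -1;
    }
    /* The type can still change between lstat and unlink: this guards
       against a mistaken call, not against a racing process. */
    return unlink(path);
}

/* Constructed scenario: returns 0 if every case behaves as expected. */
int demo(void)
{
    char dir[] = "/tmp/checked_unlink_XXXXXX";
    char file[64], sub[64], lnk[64];
    struct stat st;
    if (!mkdtemp(dir)) return 1;
    snprintf(file, sizeof file, "%s/f", dir);
    snprintf(sub, sizeof sub, "%s/d", dir);
    snprintf(lnk, sizeof lnk, "%s/l", dir);
    int fd = open(file, O_CREAT | O_WRONLY, 0600);
    if (fd < 0 || close(fd) || mkdir(sub, 0700) || symlink(sub, lnk)) return 2;
    if (checked_unlink(sub) != -1 || errno != EISDIR) return 3; /* refused */
    if (stat(sub, &st) != 0) return 4;         /* directory still there */
    if (checked_unlink(lnk) != 0) return 5;    /* symlink is removed */
    if (stat(sub, &st) != 0) return 6;         /* its target is untouched */
    if (checked_unlink(file) != 0) return 7;   /* regular file is removed */
    if (rmdir(sub) || rmdir(dir)) return 8;    /* clean up */
    return 0;
}

int main(void) { int r = demo(); printf("demo: %d\n", r); return r; }
```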
