From: "Stefan Monnier"
Newsgroups: gmane.emacs.devel
Subject: Re: Dangerous: delete-file deletes current directory as root!!
Date: Sat, 12 Oct 2002 14:24:30 -0400
Message-ID: <200210121824.g9CIOVu19938@rum.cs.yale.edu>
References: <200210111932.g9BJWc116729@rum.cs.yale.edu>
Original-To: Francesco Potorti`
Cc: Stefan Monnier, emacs-devel@gnu.org

> > Now, I'm not sure what `delete-file' should do.  Should it mimic `unlink'
> > or should it first check that it is not called on a directory ?
> Definitely the second one.

Do you mean it for all cases, or only for interactive use ?

> > Since the check would only be needed for `root' and since I don't
> > think that people should be running Emacs under root unless they really
> > mean it, I think the current code is fine.
>
> I really mean it, but that's not a reason why I should ruin my file
> system by simply making a trivial mistake, that is:
>
> M-x delete-file RET
>
> or worse, as it happened to me:
>
> M-x RET
>
> > Maybe we should pop up a warning message when Emacs is started
> > as root, reminding them that it can be dangerous ?
>
> It should be no more dangerous than running a shell as root.

You say "I really mean it" but obviously you're not aware of the dangers
since you think it's no more dangerous than running a shell.
You don't realize the amount of code Emacs uses for the simplest operations
and how many hooks and tricks it provides, all of them designed for
the user's convenience but with very little thought given to the security
implications or to the case when the user is root (and can thus do things
that would normally fail, as in your case).

Most of Emacs' elisp code is written along the lines of "let's take care of
the expected case and we'll fix the other cases when we bump into them".
All the shells I know have been written by people who do have security
and "user might be root" in mind at least some of the time.
So it really cannot be compared.


	Stefan
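
The second option debated in this message (check for a directory before calling `unlink`) can be sketched in C as follows. This is an added example, not part of the original message and not Emacs source; `delete_file_checked` and `demo` are hypothetical names, and the demo paths are constructed under /tmp.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not Emacs source): unlink PATH only if it is not a
   directory.  Returns 0 on success, -1 with errno set on refusal/failure. */
int delete_file_checked(const char *path)
{
    struct stat st;
    /* lstat, not stat: a symlink pointing at a directory is itself just a
       link, and removing it is safe. */
    if (lstat(path, &st) != 0)
        return -1;
    if (S_ISDIR(st.st_mode)) {
        /* Refuse here rather than rely on the kernel: some systems let a
           privileged process unlink a directory. */
        errno = EISDIR;
        return -1;
    }
    /* The type can change between lstat and unlink; this guards against
       a user's mistake, not against a hostile concurrent process. */
    return unlink(path);
}

/* Constructed demo: a directory, a regular file and a symlink to the
   directory, all in a fresh temp dir.  Returns 0 if all behave as expected. */
int demo(void)
{
    char base[] = "/tmp/delchkXXXXXX", dir[64], file[64], lnk[64];
    if (!mkdtemp(base)) return 1;
    snprintf(dir, sizeof dir, "%s/d", base);
    snprintf(file, sizeof file, "%s/f", base);
    snprintf(lnk, sizeof lnk, "%s/l", base);
    if (mkdir(dir, 0700) != 0 || symlink(dir, lnk) != 0) return 1;
    int fd = open(file, O_CREAT | O_WRONLY, 0600);
    if (fd < 0) return 1;
    close(fd);
    int refused  = delete_file_checked(dir) == -1 && errno == EISDIR;
    int file_ok  = delete_file_checked(file) == 0;
    int link_ok  = delete_file_checked(lnk) == 0;
    int dir_kept = access(dir, F_OK) == 0;  /* target survives link removal */
    rmdir(dir); rmdir(base);
    return (refused && file_ok && link_ok && dir_kept) ? 0 : 1;
}

int main(void) { return demo(); }
```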