From: Eli Zaretskii <eliz@gnu.org>
To: Paul Eggert <eggert@cs.ucla.edu>
Cc: emacs-devel@gnu.org
Subject: Re: Signaling an error while saving files due to file-extended-attributes
Date: Tue, 29 Sep 2020 20:14:02 +0300 [thread overview]
Message-ID: <83eemkjyjp.fsf@gnu.org> (raw)
In-Reply-To: <ea905277-f962-3623-d722-bf02b39bb773@cs.ucla.edu> (message from Paul Eggert on Tue, 29 Sep 2020 09:58:19 -0700)
> Cc: emacs-devel@gnu.org
> From: Paul Eggert <eggert@cs.ucla.edu>
> Date: Tue, 29 Sep 2020 09:58:19 -0700
>
> On 9/29/20 8:29 AM, Eli Zaretskii wrote:
> > This is probably OK for the primitives that access the extended
> > attributes, but what about their calls during saving a buffer to its
> > file? Signaling an error there effectively prevents users from saving
> > their edits in such cases, which IMO makes little sense.
>
> The same thing happens if file-modes signals an error, which can happen if there
> is an I/O error, or if someone else has removed the file while Emacs is running,
> or whatever. Surely a file-extended-attributes error should be treated like a
> file-modes error?
In principle, yes. However, IME file-extended-attributes is more
prone to such problems because all kinds of unusual methods of
mounting a volume tend to have incomplete or missing support for the
extended attributes. The result is a perceived regression wrt Emacs
26, quite serious from the user's POV, given the fact that we don't
have a way of disabling the copying of file-extended-attributes.
> The worry about ignoring errors is that the user will create a file that
> contains sensitive data but which has too-generous access permissions because we
> couldn't determine permissions.
So maybe some kind of warning and confirmation request is in order?
And perhaps a way of disabling the extended attributes for files under
directories from some list?
> One possible solution would be to use the stingiest permissions on the backup
> file if we cannot determine the permissions of the original. This would be mode
> 700 (with no setuid etc. bits) for POSIX modes; I don't know offhand what it
> would be for ACLs or for SELinux.
That's the problem: I don't think the equivalent of 700 exists for the
extended attributes.
next prev parent reply other threads:[~2020-09-29 17:14 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-29 15:29 Signaling an error while saving files due to file-extended-attributes Eli Zaretskii
2020-09-29 16:58 ` Paul Eggert
2020-09-29 17:14 ` Eli Zaretskii [this message]
2020-09-29 20:23 ` Paul Eggert
2020-09-30 14:43 ` Eli Zaretskii
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=83eemkjyjp.fsf@gnu.org \
--to=eliz@gnu.org \
--cc=eggert@cs.ucla.edu \
--cc=emacs-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).