From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Eli Zaretskii Newsgroups: gmane.emacs.devel Subject: Re: Signaling an error while saving files due to file-extended-attributes Date: Tue, 29 Sep 2020 20:14:02 +0300 Message-ID: <83eemkjyjp.fsf@gnu.org> References: <83sgb0k3e3.fsf@gnu.org> Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="615"; mail-complaints-to="usenet@ciao.gmane.io" Cc: emacs-devel@gnu.org To: Paul Eggert Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Tue Sep 29 19:15:05 2020 Return-path: Envelope-to: ged-emacs-devel@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1kNJDV-000AcT-0A for ged-emacs-devel@m.gmane-mx.org; Tue, 29 Sep 2020 19:15:05 +0200 Original-Received: from localhost ([::1]:33256 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kNJDU-0007Mk-1Q for ged-emacs-devel@m.gmane-mx.org; Tue, 29 Sep 2020 13:15:04 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:44318) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kNJCg-0006vS-D0 for emacs-devel@gnu.org; Tue, 29 Sep 2020 13:14:14 -0400 Original-Received: from fencepost.gnu.org ([2001:470:142:3::e]:41843) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kNJCf-0002SF-6J; Tue, 29 Sep 2020 13:14:13 -0400 Original-Received: from [176.228.60.248] (port=1766 helo=home-c4e4a596f7) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1kNJCe-0002Qa-BO; Tue, 29 Sep 2020 13:14:12 -0400 In-Reply-To: (message from Paul Eggert on Tue, 29 Sep 2020 09:58:19 -0700) X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Original-Sender: "Emacs-devel" Xref: news.gmane.io gmane.emacs.devel:256724 Archived-At: > Cc: emacs-devel@gnu.org > From: Paul Eggert > Date: Tue, 29 Sep 2020 09:58:19 -0700 > > On 9/29/20 8:29 AM, Eli Zaretskii wrote: > > This is probably OK for the primitives that access the extended > > attributes, but what about their calls during saving a buffer to its > > file? Signaling an error there effectively prevents users from saving > > their edits in such cases, which IMO makes little sense. > > The same thing happens if file-modes signals an error, which can happen if there > is an I/O error, or if someone else has removed the file while Emacs is running, > or whatever. Surely a file-extended-attributes error should be treated like a > file-modes error? In principle, yes. However, IME file-extended-attributes is more prone to such problems because all kinds of unusual methods of mounting a volume tend to have incomplete or missing support for the extended attributes. The result is a perceived regression wrt Emacs 26, quite serious from the user's POV, given the fact that we don't have a way of disabling the copying of file-extended-attributes. > The worry about ignoring errors is that the user will create a file that > contains sensitive data but which has too-generous access permissions because we > couldn't determine permissions. So maybe some kind of warning and confirmation request is in order? And perhaps a way of disabling the extended attributes for files under directories from some list? > One possible solution would be to use the stingiest permissions on the backup > file if we cannot determine the permissions of the original. This would be mode > 700 (with no setuid etc. bits) for POSIX modes; I don't know offhand what it > would be for ACLs or for SELinux. That's the problem: I don't think the equivalent of 700 exists for the extended attributes.