From: Francesco Potorti`
Newsgroups: gmane.emacs.devel
Subject: Re: Dangerous: delete-file deletes current directory as root!!
Date: Sun, 13 Oct 2002 19:20:38 +0200
References: <200210111932.g9BJWc116729@rum.cs.yale.edu> <200210121824.g9CIOVu19938@rum.cs.yale.edu>
Cc: emacs-devel@gnu.org, Stefan Monnier
Original-To: Stefan Monnier
In-reply-to: <200210121824.g9CIOVu19938@rum.cs.yale.edu> (monnier+gnu/emacs@rum.cs.yale.edu)

> > > Now, I'm not sure what `delete-file' should do. Should it mimic `unlink'
> > > or should it first check that it is not called on a directory ?
> > Definitely the second one.
>
> Do you mean it for all cases, or only for interactive use ?

I mean for all cases. If we ever want to provide unlink(2) complete
functionality from inside Emacs (which I am not sure it is wise), we
should use a different function for that purpose.

> You say "I really mean it" but obviously you're not aware of the dangers
> since you think it's no more dangerous than running a shell. You don't
> realize the amount of code Emacs uses for the simplest operations
> and how many hooks and tricks it provides, all of them designed for
> the user's convenience but with very little thought given to the
> security implications or to the case when the user is root (and
> can thus do things that would normally fail, as in your case).

I agree with what you say (also in the following, that I cut), but my
conclusions are different, based on experience.

For many years I have run Emacs as root in a dedicated text console and
in a dedicated X frame, as I often do system management. While I do not
do almost anything as root that I could do as a normal user, I happen to
use Emacs as root daily on GNU/Linux, and this is the first time I have
used it on Sun. The only difference between the two environments should
be the kernel and library.

In practice, I found that Emacs on GNU/Linux protects me better than the
shell does, when I am acting as root.
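
The check debated in this thread (refuse directories before calling unlink), as an added C example that is not part of the original message and is not Emacs source. The helper name `delete_file_checked` and its dirfd-relative interface are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not Emacs code): delete `name` relative to `dirfd`,
 * refusing directories no matter what unlink(2) would permit.
 * Returns 0 on success, -1 with errno set (EISDIR for a directory). */
int delete_file_checked(int dirfd, const char *name)
{
    struct stat st;

    /* AT_SYMLINK_NOFOLLOW: inspect the entry itself, so a symlink that
     * points at a directory is treated as a link and can be removed. */
    if (fstatat(dirfd, name, &st, AT_SYMLINK_NOFOLLOW) != 0)
        return -1;

    /* The explicit test matters on systems where unlink(2) on a directory
     * is permitted for a privileged process (the case reported on Sun). */
    if (S_ISDIR(st.st_mode)) {
        errno = EISDIR;
        return -1;
    }

    /* flags == 0 gives plain unlink semantics. A window remains between
     * the check and the unlink; resolving against a directory descriptor
     * narrows it but does not close it. */
    return unlinkat(dirfd, name, 0);
}

int main(void)
{
    /* Constructed demonstration: "." is a directory, so it is refused
     * and nothing is deleted. */
    if (delete_file_checked(AT_FDCWD, ".") != 0)
        printf("refused '.': %s\n", strerror(errno));
    return 0;
}
```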