unofficial mirror of emacs-devel@gnu.org 
 help / color / mirror / code / Atom feed
* loop in backup-copy-buffer
@ 2007-08-21 21:59 Glenn Morris
  2007-08-22  3:15 ` Richard Stallman
  0 siblings, 1 reply; 7+ messages in thread
From: Glenn Morris @ 2007-08-21 21:59 UTC (permalink / raw)
  To: Richard Stallman; +Cc: martin rudalics, emacs-devel


You added the (potentially infinite) loop in backup-buffer-copy a few
years ago. Looks like it was adapted from make-temp-name. I can see it
might make sense to loop while trying to make a tempfile name, but was
there ever a case where this was found to be necessary when backing
up? Can we just get rid of this loop? The ChangeLog entry is not
helpful as to why such a loop might be needed.



2005-04-23  Richard M. Stallman  <rms@gnu.org>

            * files.el (read-directory-name): Always pass non-nil
            DEFAULT-FILENAME arg to read-file-name.
            (backup-buffer-copy, basic-save-buffer-2): Take care
            against writing thru an unexpected existing symlink.

^ permalink raw reply	[flat|nested] 7+ messages in thread
* Re: loop in backup-copy-buffer
  2007-08-21 21:59 loop in backup-copy-buffer Glenn Morris
@ 2007-08-22  3:15 ` Richard Stallman
  2007-08-22  3:55   ` Glenn Morris
  2007-08-23 21:18   ` Stefan Monnier
  0 siblings, 2 replies; 7+ messages in thread
From: Richard Stallman @ 2007-08-22  3:15 UTC (permalink / raw)
  To: Glenn Morris; +Cc: rudalics, emacs-devel

    You added the (potentially infinite) loop in backup-buffer-copy a few
    years ago. Looks like it was adapted from make-temp-name. I can see it
    might make sense to loop while trying to make a tempfile name, but was
    there ever a case where this was found to be necessary when backing
    up?

In make-temp-name, this is needed because of possible race conditions.
I think there is also a possible race condition for making backup files,
and that's why I put something similar here.

I won't say I am absolutely certain it is necessary,
but don't remove it just because you don't see the issue!
If you can prove this carefulness is not necessary,
well and good, we can remove it.  Otherwise, we should fix it,
not remove it.

^ permalink raw reply	[flat|nested] 7+ messages in thread
* Re: loop in backup-copy-buffer
  2007-08-22  3:15 ` Richard Stallman
@ 2007-08-22  3:55   ` Glenn Morris
  2007-08-23 21:18   ` Stefan Monnier
  1 sibling, 0 replies; 7+ messages in thread
From: Glenn Morris @ 2007-08-22  3:55 UTC (permalink / raw)
  To: rms; +Cc: rudalics, emacs-devel

Richard Stallman wrote:

> In make-temp-name, this is needed because of possible race
> conditions. I think there is also a possible race condition for
> making backup files, and that's why I put something similar here.
>
> I won't say I am absolutely certain it is necessary, but don't
> remove it just because you don't see the issue! If you can prove
> this carefulness is not necessary, well and good, we can remove it.

I don't want to get into that, so I installed the minimum fix for the
bug that prompted this.

^ permalink raw reply	[flat|nested] 7+ messages in thread
* Re: loop in backup-copy-buffer
  2007-08-22  3:15 ` Richard Stallman
  2007-08-22  3:55   ` Glenn Morris
@ 2007-08-23 21:18   ` Stefan Monnier
  2007-08-24 16:10     ` Richard Stallman
  1 sibling, 1 reply; 7+ messages in thread
From: Stefan Monnier @ 2007-08-23 21:18 UTC (permalink / raw)
  To: rms; +Cc: Glenn Morris, emacs-devel, rudalics

>     You added the (potentially infinite) loop in backup-buffer-copy a few
>     years ago. Looks like it was adapted from make-temp-name. I can see it
>     might make sense to loop while trying to make a tempfile name, but was
>     there ever a case where this was found to be necessary when backing
>     up?

> In make-temp-name, this is needed because of possible race conditions.
> I think there is also a possible race condition for making backup files,
> and that's why I put something similar here.

The problem with make-temp-name is not just a race-condition but that the
race-condition introduces a security hole.  I don't think the same holds for
backup files since they must have predicate names.


        Stefan

^ permalink raw reply	[flat|nested] 7+ messages in thread
* Re: loop in backup-copy-buffer
  2007-08-23 21:18   ` Stefan Monnier
@ 2007-08-24 16:10     ` Richard Stallman
  2007-08-24 17:42       ` Stefan Monnier
  0 siblings, 1 reply; 7+ messages in thread
From: Richard Stallman @ 2007-08-24 16:10 UTC (permalink / raw)
  To: Stefan Monnier; +Cc: rgm, emacs-devel, rudalics

    The problem with make-temp-name is not just a race-condition but that the
    race-condition introduces a security hole.  I don't think the same holds for
    backup files since they must have predicate names.

You might be right -- I am not sure -- but what are predicate names?

^ permalink raw reply	[flat|nested] 7+ messages in thread
* Re: loop in backup-copy-buffer
  2007-08-24 16:10     ` Richard Stallman
@ 2007-08-24 17:42       ` Stefan Monnier
  2007-08-25 20:52         ` Richard Stallman
  0 siblings, 1 reply; 7+ messages in thread
From: Stefan Monnier @ 2007-08-24 17:42 UTC (permalink / raw)
  To: rms; +Cc: rgm, emacs-devel, rudalics

>     The problem with make-temp-name is not just a race-condition but that
>     the race-condition introduces a security hole.  I don't think the same
>     holds for backup files since they must have predicate names.

> You might be right -- I am not sure -- but what are predicate names?

They're typos.  I meant "predictable names".  The fact that the names have
to be predictable means that the looping trick is not a solution and that
a different solution needs to be used, typically by storing those files in
directories that are not world-writable (which is indeed the case for
backup files and if not, they do not present any additional danger compared
to the original file since they're in the same directory anyway).


        Stefan

^ permalink raw reply	[flat|nested] 7+ messages in thread
* Re: loop in backup-copy-buffer
  2007-08-24 17:42       ` Stefan Monnier
@ 2007-08-25 20:52         ` Richard Stallman
  0 siblings, 0 replies; 7+ messages in thread
From: Richard Stallman @ 2007-08-25 20:52 UTC (permalink / raw)
  To: Stefan Monnier; +Cc: rgm, emacs-devel, rudalics

I wish I could recall the specific reason why I thought this
problem applied to backup files.  I don't recall it now.

^ permalink raw reply	[flat|nested] 7+ messages in thread
end of thread, other threads:[~2007-08-25 20:52 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-08-21 21:59 loop in backup-copy-buffer Glenn Morris
2007-08-22  3:15 ` Richard Stallman
2007-08-22  3:55   ` Glenn Morris
2007-08-23 21:18   ` Stefan Monnier
2007-08-24 16:10     ` Richard Stallman
2007-08-24 17:42       ` Stefan Monnier
2007-08-25 20:52         ` Richard Stallman

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/emacs.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).