* loop in backup-copy-buffer
@ 2007-08-21 21:59 Glenn Morris
2007-08-22 3:15 ` Richard Stallman
0 siblings, 1 reply; 7+ messages in thread
From: Glenn Morris @ 2007-08-21 21:59 UTC (permalink / raw)
To: Richard Stallman; +Cc: martin rudalics, emacs-devel
You added the (potentially infinite) loop in backup-buffer-copy a few
years ago. Looks like it was adapted from make-temp-name. I can see it
might make sense to loop while trying to make a tempfile name, but was
there ever a case where this was found to be necessary when backing
up? Can we just get rid of this loop? The ChangeLog entry is not
helpful as to why such a loop might be needed.
2005-04-23 Richard M. Stallman <rms@gnu.org>
* files.el (read-directory-name): Always pass non-nil
DEFAULT-FILENAME arg to read-file-name.
(backup-buffer-copy, basic-save-buffer-2): Take care
against writing thru an unexpected existing symlink.
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: loop in backup-copy-buffer
2007-08-21 21:59 loop in backup-copy-buffer Glenn Morris
@ 2007-08-22 3:15 ` Richard Stallman
2007-08-22 3:55 ` Glenn Morris
2007-08-23 21:18 ` Stefan Monnier
0 siblings, 2 replies; 7+ messages in thread
From: Richard Stallman @ 2007-08-22 3:15 UTC (permalink / raw)
To: Glenn Morris; +Cc: rudalics, emacs-devel
You added the (potentially infinite) loop in backup-buffer-copy a few
years ago. Looks like it was adapted from make-temp-name. I can see it
might make sense to loop while trying to make a tempfile name, but was
there ever a case where this was found to be necessary when backing
up?
In make-temp-name, this is needed because of possible race conditions.
I think there is also a possible race condition for making backup files,
and that's why I put something similar here.
I won't say I am absolutely certain it is necessary,
but don't remove it just because you don't see the issue!
If you can prove this carefulness is not necessary,
well and good, we can remove it. Otherwise, we should fix it,
not remove it.
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: loop in backup-copy-buffer
2007-08-22 3:15 ` Richard Stallman
@ 2007-08-22 3:55 ` Glenn Morris
2007-08-23 21:18 ` Stefan Monnier
1 sibling, 0 replies; 7+ messages in thread
From: Glenn Morris @ 2007-08-22 3:55 UTC (permalink / raw)
To: rms; +Cc: rudalics, emacs-devel
Richard Stallman wrote:
> In make-temp-name, this is needed because of possible race
> conditions. I think there is also a possible race condition for
> making backup files, and that's why I put something similar here.
>
> I won't say I am absolutely certain it is necessary, but don't
> remove it just because you don't see the issue! If you can prove
> this carefulness is not necessary, well and good, we can remove it.
I don't want to get into that, so I installed the minimum fix for the
bug that prompted this.
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: loop in backup-copy-buffer
2007-08-22 3:15 ` Richard Stallman
2007-08-22 3:55 ` Glenn Morris
@ 2007-08-23 21:18 ` Stefan Monnier
2007-08-24 16:10 ` Richard Stallman
1 sibling, 1 reply; 7+ messages in thread
From: Stefan Monnier @ 2007-08-23 21:18 UTC (permalink / raw)
To: rms; +Cc: Glenn Morris, emacs-devel, rudalics
> You added the (potentially infinite) loop in backup-buffer-copy a few
> years ago. Looks like it was adapted from make-temp-name. I can see it
> might make sense to loop while trying to make a tempfile name, but was
> there ever a case where this was found to be necessary when backing
> up?
> In make-temp-name, this is needed because of possible race conditions.
> I think there is also a possible race condition for making backup files,
> and that's why I put something similar here.
The problem with make-temp-name is not just a race-condition but that the
race-condition introduces a security hole. I don't think the same holds for
backup files since they must have predicate names.
Stefan
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: loop in backup-copy-buffer
2007-08-23 21:18 ` Stefan Monnier
@ 2007-08-24 16:10 ` Richard Stallman
2007-08-24 17:42 ` Stefan Monnier
0 siblings, 1 reply; 7+ messages in thread
From: Richard Stallman @ 2007-08-24 16:10 UTC (permalink / raw)
To: Stefan Monnier; +Cc: rgm, emacs-devel, rudalics
The problem with make-temp-name is not just a race-condition but that the
race-condition introduces a security hole. I don't think the same holds for
backup files since they must have predicate names.
You might be right -- I am not sure -- but what are predicate names?
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: loop in backup-copy-buffer
2007-08-24 16:10 ` Richard Stallman
@ 2007-08-24 17:42 ` Stefan Monnier
2007-08-25 20:52 ` Richard Stallman
0 siblings, 1 reply; 7+ messages in thread
From: Stefan Monnier @ 2007-08-24 17:42 UTC (permalink / raw)
To: rms; +Cc: rgm, emacs-devel, rudalics
> The problem with make-temp-name is not just a race-condition but that
> the race-condition introduces a security hole. I don't think the same
> holds for backup files since they must have predicate names.
> You might be right -- I am not sure -- but what are predicate names?
They're typos. I meant "predictable names". The fact that the names have
to be predictable means that the looping trick is not a solution and that
a different solution needs to be used, typically by storing those files in
directories that are not world-writable (which is indeed the case for
backup files and if not, they do not present any additional danger compared
to the original file since they're in the same directory anyway).
Stefan
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: loop in backup-copy-buffer
2007-08-24 17:42 ` Stefan Monnier
@ 2007-08-25 20:52 ` Richard Stallman
0 siblings, 0 replies; 7+ messages in thread
From: Richard Stallman @ 2007-08-25 20:52 UTC (permalink / raw)
To: Stefan Monnier; +Cc: rgm, emacs-devel, rudalics
I wish I could recall the specific reason why I thought this
problem applied to backup files. I don't recall it now.
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2007-08-25 20:52 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-08-21 21:59 loop in backup-copy-buffer Glenn Morris
2007-08-22 3:15 ` Richard Stallman
2007-08-22 3:55 ` Glenn Morris
2007-08-23 21:18 ` Stefan Monnier
2007-08-24 16:10 ` Richard Stallman
2007-08-24 17:42 ` Stefan Monnier
2007-08-25 20:52 ` Richard Stallman
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).