From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.ciao.gmane.io!not-for-mail
From: Paul Eggert <eggert@cs.ucla.edu>
Newsgroups: gmane.emacs.devel
Subject: Add NOFOLLOW flag to set-file-modes etc.
Date: Wed, 19 Feb 2020 16:51:02 -0800
Organization: UCLA Computer Science Department
Message-ID: <22f577c1-8940-4684-bc30-10927f57b2cd@cs.ucla.edu>
Reply-To: 39683@debbugs.gnu.org
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Info: ciao.gmane.io; posting-host="ciao.gmane.io:159.69.161.202";
	logging-data="65149"; mail-complaints-to="usenet@ciao.gmane.io"
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
 Thunderbird/68.5.0
To: Emacs development discussions <emacs-devel@gnu.org>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Thu Feb 20 01:52:22 2020
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>)
	id 1j4a4j-000GoT-B7
	for ged-emacs-devel@m.gmane-mx.org; Thu, 20 Feb 2020 01:52:21 +0100
Original-Received: from localhost ([::1]:34406 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>)
	id 1j4a4i-0007Ib-DZ
	for ged-emacs-devel@m.gmane-mx.org; Wed, 19 Feb 2020 19:52:20 -0500
Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:54049)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <eggert@cs.ucla.edu>) id 1j4a3c-0006bS-Tq
 for emacs-devel@gnu.org; Wed, 19 Feb 2020 19:51:14 -0500
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <eggert@cs.ucla.edu>) id 1j4a3Y-0006ha-W9
 for emacs-devel@gnu.org; Wed, 19 Feb 2020 19:51:11 -0500
Original-Received: from zimbra.cs.ucla.edu ([131.179.128.68]:45376)
 by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
 (Exim 4.71) (envelope-from <eggert@cs.ucla.edu>) id 1j4a3X-0006W5-Mx
 for emacs-devel@gnu.org; Wed, 19 Feb 2020 19:51:08 -0500
Original-Received: from localhost (localhost [127.0.0.1])
 by zimbra.cs.ucla.edu (Postfix) with ESMTP id 547561600A2
 for <emacs-devel@gnu.org>; Wed, 19 Feb 2020 16:51:04 -0800 (PST)
Original-Received: from zimbra.cs.ucla.edu ([127.0.0.1])
 by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10032)
 with ESMTP id s7HCS0S27M7k for <emacs-devel@gnu.org>;
 Wed, 19 Feb 2020 16:51:03 -0800 (PST)
Original-Received: from localhost (localhost [127.0.0.1])
 by zimbra.cs.ucla.edu (Postfix) with ESMTP id 81C681600A4
 for <emacs-devel@gnu.org>; Wed, 19 Feb 2020 16:51:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at zimbra.cs.ucla.edu
Original-Received: from zimbra.cs.ucla.edu ([127.0.0.1])
 by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10026)
 with ESMTP id MeUK4NVG6OI3 for <emacs-devel@gnu.org>;
 Wed, 19 Feb 2020 16:51:03 -0800 (PST)
Original-Received: from Penguin.CS.UCLA.EDU (Penguin.CS.UCLA.EDU [131.179.64.200])
 by zimbra.cs.ucla.edu (Postfix) with ESMTPSA id 6505F1600A2
 for <emacs-devel@gnu.org>; Wed, 19 Feb 2020 16:51:03 -0800 (PST)
Content-Language: en-US
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x
X-Received-From: 131.179.128.68
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org
Original-Sender: "Emacs-devel"
 <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>
Xref: news.gmane.io gmane.emacs.devel:244990
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/244990>

Bug#39683 proposes a patch to add an optional nofollow argument to 
set-file-modes and related functions; if this flag is t, the functions 
do not follow symbolic links. This should help Emacs avoid race 
conditions where it mistakenly changes the permissions of an arbitrary 
victim file that happens to be the target of a recently-created symlink.

Since the implementation of this new argument uses the POSIX fchmodat 
function with the AT_SYMLINK_NOFOLLOW flag, some work may be needed in 
the Microsoft porting code to emulate fchmodat.

Also, packages like Tramp that have a file-modes or set-file-modes 
wrapper should be updated if possible to support the new optional flag 
if it is given. For now, the patch leaves these as FIXME comments.

This is designed to be an upward-compatible change, even though the 
default, traditional behavior of following the symbolic link is 
typically more dangerous than the new option of not following the link.

Comments welcome.

https://debbugs.gnu.org/39683