From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED!not-for-mail From: Eli Zaretskii Newsgroups: gmane.emacs.bugs Subject: bug#27986: 26.0.50; 'rename-file' can rename files without confirmation Date: Wed, 16 Aug 2017 20:30:44 +0300 Message-ID: <83efsbfmij.fsf@gnu.org> References: <61980dde-3d68-7200-e7f4-98f62e410060@cs.ucla.edu> <1002ee73-0ab5-409b-831f-0c283c322264@cs.ucla.edu> <83o9rignt6.fsf@gnu.org> <83d17whl72.fsf@gnu.org> <8e6de468-600c-4f2d-a21a-c2ff3a63d065@cs.ucla.edu> <83zib0g221.fsf@gnu.org> <2bb4b7ee-6bf9-df3d-5cd8-ae7992b9f2e7@cs.ucla.edu> <83wp64fdc4.fsf@gnu.org> <83valnfv9u.fsf@gnu.org> <7f0c12f6-57eb-63b9-c296-e062cbf0710c@cs.ucla.edu> <83o9rffqfp.fsf@gnu.org> Reply-To: Eli Zaretskii NNTP-Posting-Host: blaine.gmane.org X-Trace: blaine.gmane.org 1502904745 5965 195.159.176.226 (16 Aug 2017 17:32:25 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Wed, 16 Aug 2017 17:32:25 +0000 (UTC) Cc: p.stephani2@gmail.com, 27986@debbugs.gnu.org, rms@gnu.org To: Paul Eggert , John Wiegley , Stefan Monnier Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Wed Aug 16 19:32:19 2017 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from ) id 1di2As-0000iT-1E for geb-bug-gnu-emacs@m.gmane.org; Wed, 16 Aug 2017 19:32:10 +0200 Original-Received: from localhost ([::1]:34539 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1di2Ay-0002mi-75 for geb-bug-gnu-emacs@m.gmane.org; Wed, 16 Aug 2017 13:32:16 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:53012) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1di2Ao-0002k4-IS for bug-gnu-emacs@gnu.org; Wed, 16 Aug 2017 13:32:07 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1di2Ak-0008V9-27 for bug-gnu-emacs@gnu.org; Wed, 16 Aug 2017 13:32:06 -0400 Original-Received: from debbugs.gnu.org ([208.118.235.43]:60998) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1di2Aj-0008Uy-UX for bug-gnu-emacs@gnu.org; Wed, 16 Aug 2017 13:32:01 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1di2Aj-0001wX-LV for bug-gnu-emacs@gnu.org; Wed, 16 Aug 2017 13:32:01 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Eli Zaretskii Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Wed, 16 Aug 2017 17:32:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 27986 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: security Original-Received: via spool by 27986-submit@debbugs.gnu.org id=B27986.15029046817418 (code B ref 27986); Wed, 16 Aug 2017 17:32:01 +0000 Original-Received: (at 27986) by debbugs.gnu.org; 16 Aug 2017 17:31:21 +0000 Original-Received: from localhost ([127.0.0.1]:41446 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1di2A5-0001va-7W for submit@debbugs.gnu.org; Wed, 16 Aug 2017 13:31:21 -0400 Original-Received: from eggs.gnu.org ([208.118.235.92]:33437) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1di2A3-0001vM-Pt for 27986@debbugs.gnu.org; Wed, 16 Aug 2017 13:31:20 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1di29x-0007jc-PB for 27986@debbugs.gnu.org; Wed, 16 Aug 2017 13:31:14 -0400 Original-Received: from fencepost.gnu.org ([2001:4830:134:3::e]:59814) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1di29q-0007bU-IH; Wed, 16 Aug 2017 13:31:06 -0400 Original-Received: from 84.94.185.246.cable.012.net.il ([84.94.185.246]:2884 helo=home-c4e4a596f7) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1di29j-0001IL-Dv; Wed, 16 Aug 2017 13:30:59 -0400 In-reply-to: (message from Paul Eggert on Wed, 16 Aug 2017 10:19:35 -0700) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 208.118.235.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: "bug-gnu-emacs" Xref: news.gmane.org gmane.emacs.bugs:135833 Archived-At: > Cc: p.stephani2@gmail.com, 27986@debbugs.gnu.org > From: Paul Eggert > Date: Wed, 16 Aug 2017 10:19:35 -0700 > > > What's more, some of the use cases will not even > > signal an error after the change, they will instead silently do > > something different from the previous versions, which is really bad. > > This should be quite rare. The only scenario I see matching your concern is if > the source is a directory, the destination is not a directory name but is an > empty directory and is not a symlink, and the destination is not a descendant of > the source. Although not impossible, this will happen so rarely that it doesn't > invalidate the proposed change. I don't think we know how rare that is. And if it is very rare, I'm not sure it's better, because it means such problems might go unnoticed and/or unfixed for years. > I've looked at this issue fairly carefully, and I'm afraid the solution I've > proposed is the best way forward if we want to close the security hole in Emacs. Let's hear more opinions, okay?