From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!.POSTED!not-for-mail
From: Eli Zaretskii <eliz@gnu.org>
Newsgroups: gmane.emacs.devel
Subject: Re: master 739593d 3/5: Make gnus-copy-file act like copy-file etc.
Date: Thu, 14 Sep 2017 21:38:07 +0300
Message-ID: <83o9qdm8hc.fsf@gnu.org>
References: <20170911053128.28763.28434@vcs0.savannah.gnu.org>
	<20170911053130.C5F002068F@vcs0.savannah.gnu.org>
	<b4mr2vc3k1x.fsf@jpl.org>
	<b7492377-81d8-138d-9f91-c7ab0fc0eabf@cornell.edu>
	<b4mr2vczlva.fsf@jpl.org>
	<83fa9922-8d83-9d2f-82af-f34e90521d88@cs.ucla.edu>
	<jwvo9qddiig.fsf-monnier+gmane.emacs.devel@gnu.org>
	<8360clnrv8.fsf@gnu.org>
	<4ee490a4-c3ce-c9b7-7ef8-8e0248881de9@cs.ucla.edu>
Reply-To: Eli Zaretskii <eliz@gnu.org>
NNTP-Posting-Host: blaine.gmane.org
X-Trace: blaine.gmane.org 1505414332 10414 195.159.176.226 (14 Sep 2017 18:38:52 GMT)
X-Complaints-To: usenet@blaine.gmane.org
NNTP-Posting-Date: Thu, 14 Sep 2017 18:38:52 +0000 (UTC)
Cc: monnier@iro.umontreal.ca, emacs-devel@gnu.org
To: Paul Eggert <eggert@cs.ucla.edu>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Thu Sep 14 20:38:48 2017
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by blaine.gmane.org with esmtp (Exim 4.84_2)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1dsZ2F-0002Ul-NC
	for ged-emacs-devel@m.gmane.org; Thu, 14 Sep 2017 20:38:48 +0200
Original-Received: from localhost ([::1]:49465 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1dsZ2J-0003NU-VW
	for ged-emacs-devel@m.gmane.org; Thu, 14 Sep 2017 14:38:52 -0400
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:51716)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <eliz@gnu.org>) id 1dsZ25-0003L9-UJ
	for emacs-devel@gnu.org; Thu, 14 Sep 2017 14:38:38 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <eliz@gnu.org>) id 1dsZ21-0005RG-G9
	for emacs-devel@gnu.org; Thu, 14 Sep 2017 14:38:37 -0400
Original-Received: from fencepost.gnu.org ([2001:4830:134:3::e]:55255)
	by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <eliz@gnu.org>)
	id 1dsZ21-0005R2-CH; Thu, 14 Sep 2017 14:38:33 -0400
Original-Received: from 84.94.185.246.cable.012.net.il ([84.94.185.246]:1416
	helo=home-c4e4a596f7)
	by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
	(Exim 4.82) (envelope-from <eliz@gnu.org>)
	id 1dsZ1y-0000Ya-O5; Thu, 14 Sep 2017 14:38:33 -0400
In-reply-to: <4ee490a4-c3ce-c9b7-7ef8-8e0248881de9@cs.ucla.edu> (message from
	Paul Eggert on Thu, 14 Sep 2017 10:59:44 -0700)
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 2001:4830:134:3::e
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/emacs-devel/>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: "Emacs-devel" <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Xref: news.gmane.org gmane.emacs.devel:218284
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/218284>

> Cc: emacs-devel@gnu.org
> From: Paul Eggert <eggert@cs.ucla.edu>
> Date: Thu, 14 Sep 2017 10:59:44 -0700
> 
> Although perhaps someone can come up with a better idea, "Just do interactive 
> renames the way we were doing it" is not better, as it would leave interactive 
> users vulnerable to the attack. Although users may like to think that they are 
> "unpredictable" and are thus relatively invulnerable to the attack, they're not 
> really that unpredictable.

Maybe you should again describe the attack scenario.  Last time you
did, it was pretty clear to me that no bot or person can reasonably
know in advance what file or directory the user will copy/rename.