From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Ted Zlatanov Newsgroups: gmane.emacs.bugs Subject: bug#15866: Gnutls elisp code doesn't properly check for file existence Date: Tue, 12 Nov 2013 14:41:20 -0500 Organization: =?UTF-8?Q?=D0=A2=D0=B5=D0=BE=D0=B4=D0=BE=D1=80_?= =?UTF-8?Q?=D0=97=D0=BB=D0=B0=D1=82=D0=B0=D0=BD=D0=BE=D0=B2?= @ Cienfuegos Message-ID: <87mwl9h0gv.fsf@flea.lifelogs.com> References: <21121.29752.814965.329395@consult.pretender> <83ob5p1pgd.fsf@gnu.org> <21122.28580.612896.572445@consult.pretender> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: ger.gmane.org 1384285280 17334 80.91.229.3 (12 Nov 2013 19:41:20 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Tue, 12 Nov 2013 19:41:20 +0000 (UTC) Cc: 15866@debbugs.gnu.org To: Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Tue Nov 12 20:41:25 2013 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1VgJpv-00005m-1f for geb-bug-gnu-emacs@m.gmane.org; Tue, 12 Nov 2013 20:41:19 +0100 Original-Received: from localhost ([::1]:44901 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VgJpu-0007eq-F8 for geb-bug-gnu-emacs@m.gmane.org; Tue, 12 Nov 2013 14:41:18 -0500 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:48818) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VgJpl-0007e3-En for bug-gnu-emacs@gnu.org; Tue, 12 Nov 2013 14:41:14 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1VgJpg-0004Uz-3z for bug-gnu-emacs@gnu.org; Tue, 12 Nov 2013 14:41:09 -0500 Original-Received: from debbugs.gnu.org ([140.186.70.43]:35125) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VgJpg-0004Uu-03 for bug-gnu-emacs@gnu.org; Tue, 12 Nov 2013 14:41:04 -0500 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.80) (envelope-from ) id 1VgJpf-0002lE-Dj for bug-gnu-emacs@gnu.org; Tue, 12 Nov 2013 14:41:03 -0500 X-Loop: help-debbugs@gnu.org Resent-From: Ted Zlatanov Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Tue, 12 Nov 2013 19:41:03 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 15866 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: Original-Received: via spool by 15866-submit@debbugs.gnu.org id=B15866.138428525310596 (code B ref 15866); Tue, 12 Nov 2013 19:41:03 +0000 Original-Received: (at 15866) by debbugs.gnu.org; 12 Nov 2013 19:40:53 +0000 Original-Received: from localhost ([127.0.0.1]:49144 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1VgJpT-0002kp-Lf for submit@debbugs.gnu.org; Tue, 12 Nov 2013 14:40:52 -0500 Original-Received: from mail-qc0-f181.google.com ([209.85.216.181]:47506) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1VgJpM-0002kS-Eh for 15866@debbugs.gnu.org; Tue, 12 Nov 2013 14:40:45 -0500 Original-Received: by mail-qc0-f181.google.com with SMTP id w4so5365411qcr.40 for <15866@debbugs.gnu.org>; Tue, 12 Nov 2013 11:40:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lifelogs.com; s=google; h=from:to:cc:subject:organization:references:mail-copies-to :gmane-reply-to-list:date:in-reply-to:message-id:user-agent :mime-version:content-type; bh=XhSYEteCuNFJMB7dYFg66T0Bafs2jatjeJwbLhD0wrk=; b=QpxFTlNP10gk0dW7l5V5YzG8NsAsF61O8llpm3vdryDTMxQhZOpd6WBzWYDVDOtNWv fZKLo8S7EaYsUiX1snKzsc13eA2zdrARrDYtSpZGSdTRjnvLC2qAgy4gTn962+4myzrs kpVvB7fd/NYJFY+M2GiACkE70qOtQvOKfqA8c= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:organization:references :mail-copies-to:gmane-reply-to-list:date:in-reply-to:message-id :user-agent:mime-version:content-type; bh=XhSYEteCuNFJMB7dYFg66T0Bafs2jatjeJwbLhD0wrk=; b=MJWfP7UCm52W/PX4WM1I/mIKo3KmGk4Mz8uxHvrA/a2SR4N9GDXwuy6ZEJWp8CtAIr ZV+zZshGHLmmz/opWRRs8bnfxTDX+69Y20/OiA6R2hSqRi5nXR7IKpwTHH+NK3YhZWUX awR/roGUMB9rWc8SxWiKNcqNEqwTHh3+tYjEvH/m1G/z3ZlhhFFwb5WUzm3NxaAFZsmp xi8Y3cJZewozLEF5yQv+uCJWCGKkJ49dz2xZx6p5nboXjmXVnVxFo9DoiaFTnAAwyn2j SgmppvW79DmLH/nIFuQGfjh+vaI9nWiAnVcK3oPVOQq45vIeioFCj/Pl6iDklVfo9ScF 6CYA== X-Gm-Message-State: ALoCoQku0IqpRK5L/G15YBzxycB4l7CuP5FfsRN/8gpAgChWk8vQtgvS/mX5Jg+7We6CwgcVBBW+ X-Received: by 10.229.101.136 with SMTP id c8mr59305157qco.17.1384285238732; Tue, 12 Nov 2013 11:40:38 -0800 (PST) Original-Received: from flea.lifelogs.com (c-98-229-61-72.hsd1.ma.comcast.net. [98.229.61.72]) by mx.google.com with ESMTPSA id h9sm73845652qaq.9.2013.11.12.11.40.37 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 12 Nov 2013 11:40:38 -0800 (PST) X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6; d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT= D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx" Mail-Copies-To: never Gmane-Reply-To-List: yes In-Reply-To: <21122.28580.612896.572445@consult.pretender> (emacs@kosowsky.org's message of "Tue, 12 Nov 2013 13:12:52 -0500") User-Agent: Gnus/5.130008 (Ma Gnus v0.8) Emacs/24.3.50 (gnu/linux) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-Received-From: 140.186.70.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.bugs:80342 Archived-At: On Tue, 12 Nov 2013 13:12:52 -0500 wrote: > Eli Zaretskii wrote at about 19:48:18 +0200 on Tuesday, November 12, 2013: >> > Date: Mon, 11 Nov 2013 19:20:08 -0500 >> > From: "" >> > >> > i] If the function 'expand-file-name' has an associated magic file >> > handler, the function expand-file-name is called to convert it "to >> > absolute, and canonicalize it" (quoted from the function >> > definition). >> > >> > ii] The test for file-exists-p is then wrapped in a 'let' construct >> > with file-name-handler-alist set to nil. This effectively shuts >> > off magic file handling and ensures that file-exists-p now checks >> > for true OS existence of the now potentially expanded path. >> > >> > iii]The function gnutls-trustfiles is now assured that it will be >> > passed an OS-valid path. >> >> Thanks. >> >> As I wrote elsewhere, I agree that gnutls.el should ignore file >> handlers when it looks for certificate files. >> >> But then _not_ ignoring the expand-file-name handler makes little >> sense to me: the result could exist as a local file name that has no >> relation whatsoever to certificates, which will again fail in strange >> ways inside the GnuTLS library. >> >> So I think we should do ii], but not i]. > As I mentioned many times, I would find that an acceptable even if > minimal and non-ideal (for me) solution - provided that it also were > documented in the elisp file and probably also in the > gnutls-trustfiles variable that magic file handling is shut off for > this variable. I am ok with that. Great. Could you test and submit the patch with just that piece [ii] and I'll commit it, then add the documentation? > I also think that the following two usability messages should be > added: > 1. Warning message (but perhaps not error) triggered if no elements of > gnutls-trustfiles are valid files Good idea, I'll add it with the docs. > 2. Trapping of error if for some reason file-exists-p shows the file > to exist but for some reason gnutls still can't access it. I'm not sure this should be trapped at that level. It feels like something that should be bounced up to the user, as it could indicate serious system problems or some suspicious (possibly malicious) tinkering with the file calls. >> Btw, I think many Emacs packages don't make sense with remote files, >> so they should also ignore file handlers. IOW, this is not specific >> to gnutls.el. Right, hence my concern about doing these fixes just for gnutls.el. It seems like a general problem. Ted