From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Arthur Miller <arthur.miller@live.com>
Newsgroups: gmane.emacs.devel
Subject: Re: Easy configuration of a site-lisp directory
Date: Sat, 21 Aug 2021 21:10:22 +0200
Message-ID: <AM9PR09MB49777B3453C4B126EF02011D96C29@AM9PR09MB4977.eurprd09.prod.outlook.com>
References: <87y29cj65y.fsf@posteo.net> <871r6pu6pc.fsf@posteo.net>
 <AM9PR09MB4977AA9A9B60D028623C50F196C09@AM9PR09MB4977.eurprd09.prod.outlook.com>
 <AM9PR09MB497767A92C0D2DB6FD30144996C09@AM9PR09MB4977.eurprd09.prod.outlook.com>
 <AM9PR09MB49772C15FEFCB56797C84FD796C09@AM9PR09MB4977.eurprd09.prod.outlook.com>
 <87v941hz9o.fsf@posteo.net>
 <AM9PR09MB49776830CD29D4F42AD9AD4896C19@AM9PR09MB4977.eurprd09.prod.outlook.com>
 <AM9PR09MB49776F24C79C33EEF4F61E4796C19@AM9PR09MB4977.eurprd09.prod.outlook.com>
 <jwv7dgfpnns.fsf-monnier+emacs@gnu.org>
 <AM9PR09MB49779361FDD41D2D3BFD308496C29@AM9PR09MB4977.eurprd09.prod.outlook.com>
 <AM9PR09MB497749605BFC01133688C41096C29@AM9PR09MB4977.eurprd09.prod.outlook.com>
 <83sfz3z4gm.fsf@gnu.org>
 <AM9PR09MB49776B4FC43979608F86DC4996C29@AM9PR09MB4977.eurprd09.prod.outlook.com>
 <831r6mzwov.fsf@gnu.org>
Mime-Version: 1.0
Content-Type: text/plain
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="11980"; mail-complaints-to="usenet@ciao.gmane.io"
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (gnu/linux)
Cc: philipk@posteo.net, monnier@iro.umontreal.ca, emacs-devel@gnu.org
To: Eli Zaretskii <eliz@gnu.org>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Sat Aug 21 21:16:19 2021
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>)
	id 1mHWTa-0002r3-3C
	for ged-emacs-devel@m.gmane-mx.org; Sat, 21 Aug 2021 21:16:19 +0200
Original-Received: from localhost ([::1]:34272 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>)
	id 1mHWTY-0002cq-0t
	for ged-emacs-devel@m.gmane-mx.org; Sat, 21 Aug 2021 15:16:16 -0400
Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:44182)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <arthur.miller@live.com>)
 id 1mHWO1-0000Ai-VX
 for emacs-devel@gnu.org; Sat, 21 Aug 2021 15:10:33 -0400
Original-Received: from mail-oln040092069011.outbound.protection.outlook.com
 ([40.92.69.11]:16254 helo=EUR02-VE1-obe.outbound.protection.outlook.com)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <arthur.miller@live.com>)
 id 1mHWNv-000552-RU; Sat, 21 Aug 2021 15:10:33 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=czZOWbXWKw1MbuhvgeFhFqTm83OaxE0FlvrcO5qIxFsBCvhjv/kKwwVERfCJrb4pMFxABEq5kgg3hsTdfX86JeOaCygY8WLZXPRkZFLduZivJ0z6M6Zr4DSxgMKdTrJV1+4pUzKZOq0dGXo+SQOkyqxRMagP6IHtX5AZ0Sm/9RQdENfMY3MISF+aW9R7mDg4t7jit6EsmdEMz/gVfgseQRbujwqNa6txWpqyKXrhWOhBu9m8iuasRwV8CuiYz1jlG42lgd+0uuuWkuK+IHzpuqyb5epHxgm4J1v5BGm5gREt3AgTUTgu9lk4S9xqj33tUzhYPQr0WVK5ZDStlj6dsw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; 
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=Cvs7QwzaOu8J/yo1WegK0Z1q2Zx1aDZFJRFsr/8VU58=;
 b=NW82JvNuiFo5VEY59bCrz5Ejhz1VC6hlxrZubbMU2uF/ePxY0mj56UXDGE5cOiFupRhfUDCB4O6ozXFz/+mvYUUkFmpSGmt90EcyMJatotalW/EB+au5K7/TMkA08TLySAmOLFoH7CsaQ4j1w/Rw5WknSX/fw8erVy5NUJgFAF3DTB2X44NSO4zOIkK+rHpQwwdYx3C3+BNhqPZsOZEXkSC/7k08v0xk6EPi/RCjAWy67+RgLUAHvbmqRFz7j78AcrkABvzLnagvu4xBEpV0y0l38BtmTVCP/1SjvxIUIz8Tovfz8sf4Hxbywz5vy6lBqJHxWaz+Ra0YRX9O5ZYjRQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;
 dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=live.com; s=selector1; 
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=Cvs7QwzaOu8J/yo1WegK0Z1q2Zx1aDZFJRFsr/8VU58=;
 b=Qxi6TOi72HAKJ5spm9rEFVJj9oWbL8D4L6joEncxWAmdfeqeYEbpJHcw+QnPkuBaakbFi5gR1yo3L3YCgKGUFJvjLw9hCIH+VzLtakK49wW+qiwb4SDILQc44h4GhMk0zA4KS6tYCCDMkZDo/ragsDCBiyRFzzr+R9UTt8UsUjckSK50BY0uCsqSr3yRyhj94sesFQaKfZI0PA8EafTqw31sw0LGN9/d3jPcO2kqcrrRy8ES12s/pNIkHd5NZyzXRtYsA8Zvst/XvcVSpJYAedSO5NShOCVoN87qjm2n2CjrrTs2WtxIfLrA5CHdfYU9nMeM7irGGFcOR19kQ29aQw==
Original-Received: from HE1EUR02FT045.eop-EUR02.prod.protection.outlook.com
 (2a01:111:e400:7e1d::50) by
 HE1EUR02HT218.eop-EUR02.prod.protection.outlook.com (2a01:111:e400:7e1d::296)
 with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4436.19; Sat, 21 Aug
 2021 19:10:23 +0000
Original-Received: from AM9PR09MB4977.eurprd09.prod.outlook.com
 (2a01:111:e400:7e1d::4a) by HE1EUR02FT045.mail.protection.outlook.com
 (2a01:111:e400:7e1d::494) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4436.19 via Frontend
 Transport; Sat, 21 Aug 2021 19:10:23 +0000
X-IncomingTopHeaderMarker: OriginalChecksum:B4A505C0AABB7A556D09779844F3C81C9BBB5DDBCE3E9C93999ADF2AC768D889;
 UpperCasedChecksum:F8F0EBE9BAE1FAE89B009124CA4A66027EC7C28E115E98B4113F7BE00084DE28;
 SizeAsReceived:8246; Count:46
Original-Received: from AM9PR09MB4977.eurprd09.prod.outlook.com
 ([fe80::6558:f201:6d1a:3f39]) by AM9PR09MB4977.eurprd09.prod.outlook.com
 ([fe80::6558:f201:6d1a:3f39%2]) with mapi id 15.20.4436.023; Sat, 21 Aug 2021
 19:10:23 +0000
In-Reply-To: <831r6mzwov.fsf@gnu.org> (Eli Zaretskii's message of "Sat, 21 Aug
 2021 17:42:08 +0300")
X-TMN: [5e2mL56ULsSUXlQSEuydpD1bxcNHMpUe]
X-ClientProxiedBy: AM5PR1001CA0062.EURPRD10.PROD.OUTLOOK.COM
 (2603:10a6:206:15::39) To AM9PR09MB4977.eurprd09.prod.outlook.com
 (2603:10a6:20b:304::20)
X-Microsoft-Original-Message-ID: <874kbibom9.fsf@live.com>
X-MS-Exchange-MessageSentRepresentingType: 1
Original-Received: from pascal.homepc (81.232.177.30) by
 AM5PR1001CA0062.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:206:15::39) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4436.19 via Frontend
 Transport; Sat, 21 Aug 2021 19:10:22 +0000
X-MS-PublicTrafficType: Email
X-IncomingHeaderCount: 46
X-EOPAttributedMessage: 0
X-MS-Office365-Filtering-Correlation-Id: 95432e58-4e90-4b8b-2cbb-08d964d7536e
X-MS-TrafficTypeDiagnostic: HE1EUR02HT218:
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: sQ21vHDPjSslvM0ah5WR1TNVVjzHHcLMW1if1UYe7vbl9u6I/a2uJJd4+Te/IdxyNXTqAC2VXSDeSuAnRvIU4cZrnpyUzgwT0hE5YRQx7+ofQwp7+KmYHIiEIJSkW70bGAv6KabMRQcyGmUuLNNYG/nqmLzET2TFVhJCreCC7EsvTK6tfNdi/oHo0yIcXS0fV6ozfcuzE4Ib1lagD0pt0Odkj5WRbnLSVDBbAx066Fr0SLXNNIqDHQXg/GVfIXqHrcCFws+odeOHORhCUdmmdD+Ro8Z9WHPRDPNcLoggEXIlb701Pq3hbp/DKBSisWN6hkk372URT6uTSiA6pdmwWlduV3OtMwt40lXNSM5bSCj/hvaMSdzUJN/GyL5fUL1gyZQDs3bcHHDpuxnvR9Tp/qksnAgFN3J1urEP+uSZivaHfnUfVMOo3tMepTvLxncG
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 9VCCRlxcpZN9mRx+zOrXZeGqewZ7vzIbXfucTuKT/Se96s6xUaJ0vcd3EwHMqj6ceBSPFjOe1NxncTUW73f/Ef/DMt6Tu5zRS+ke3SEDHuCiu6oDUI0B/Chx5eL/wBQmoXQxJ6InX+JBCUbTnsPonA==
X-OriginatorOrg: live.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 95432e58-4e90-4b8b-2cbb-08d964d7536e
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Aug 2021 19:10:23.4312 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-AuthSource: HE1EUR02FT045.eop-EUR02.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1EUR02HT218
Received-SPF: pass client-ip=40.92.69.11; envelope-from=arthur.miller@live.com;
 helo=EUR02-VE1-obe.outbound.protection.outlook.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
 MSGID_FROM_MTA_HEADER=0.001, RCVD_IN_DNSWL_NONE=-0.0001,
 RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org
Original-Sender: "Emacs-devel"
 <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>
Xref: news.gmane.io gmane.emacs.devel:272799
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/272799>

Eli Zaretskii <eliz@gnu.org> writes:

>> From: Arthur Miller <arthur.miller@live.com>
>> Cc: monnier@iro.umontreal.ca,  philipk@posteo.net,  emacs-devel@gnu.org
>> Date: Sat, 21 Aug 2021 16:34:34 +0200
>> 
>> I understand they consider it a security issue, but I don't understand
>> why. Couldn't they apply same rules to symlinked file access as if the
>> access was direct?
>
> If the symlink resolution is done below the level where access rights
> are checked, you cannot do that.

Which means we can leak access rights if we symlink from priviledged
ring into lesser access right ring, or how they call it? Or I missunderstand.

> Also, the ACL system on Windows is very complex, and there are a lot
> of access rights inherited indirectly, so maybe there's more to it
> than meets the eye.  Like I said, I'm not an expert on this stuff.
>> Bit I guess Microsoft has acquired quite clever
>> people so they have their reasons. I don't think they removed symlinks
>> just because, for no good reason.
>
> Symlinks are not removed from Windows, they are present (and Emacs on
> Windows supports them).
Oh sorry for the last, my brain was on the vacation, "removed" I meant
from original design ... back in VMS/VAX time I was still in thoughts of
another replay. As I understand they added symlinks "relatively"
recently (in Vista), but I maybe missunderstood there.