From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED!not-for-mail From: Philipp Stephani Newsgroups: gmane.emacs.bugs Subject: bug#27986: 26.0.50; `rename-file' can rename files without confirmation Date: Mon, 14 Aug 2017 17:09:35 +0000 Message-ID: References: <83poc8tynu.fsf@gnu.org> NNTP-Posting-Host: blaine.gmane.org Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="001a1143b6f2ca0ca40556b9ba63" X-Trace: blaine.gmane.org 1502730622 21914 195.159.176.226 (14 Aug 2017 17:10:22 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Mon, 14 Aug 2017 17:10:22 +0000 (UTC) Cc: 27986@debbugs.gnu.org To: Eli Zaretskii Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Mon Aug 14 19:10:15 2017 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dhIsS-0004y4-Kj for geb-bug-gnu-emacs@m.gmane.org; Mon, 14 Aug 2017 19:10:08 +0200 Original-Received: from localhost ([::1]:35719 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dhIsY-0002K8-S6 for geb-bug-gnu-emacs@m.gmane.org; Mon, 14 Aug 2017 13:10:14 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:44577) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dhIsS-0002ID-3K for bug-gnu-emacs@gnu.org; Mon, 14 Aug 2017 13:10:09 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dhIsM-0006EX-1U for bug-gnu-emacs@gnu.org; Mon, 14 Aug 2017 13:10:08 -0400 Original-Received: from debbugs.gnu.org ([208.118.235.43]:55518) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1dhIsL-0006EP-Tu for bug-gnu-emacs@gnu.org; Mon, 14 Aug 2017 13:10:01 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1dhIsL-0005MO-L9 for bug-gnu-emacs@gnu.org; Mon, 14 Aug 2017 13:10:01 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Philipp Stephani Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Mon, 14 Aug 2017 17:10:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 27986 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: patch Original-Received: via spool by 27986-submit@debbugs.gnu.org id=B27986.150273059320592 (code B ref 27986); Mon, 14 Aug 2017 17:10:01 +0000 Original-Received: (at 27986) by debbugs.gnu.org; 14 Aug 2017 17:09:53 +0000 Original-Received: from localhost ([127.0.0.1]:35966 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dhIsD-0005M4-Er for submit@debbugs.gnu.org; Mon, 14 Aug 2017 13:09:53 -0400 Original-Received: from mail-oi0-f51.google.com ([209.85.218.51]:35142) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dhIsC-0005Ly-4I for 27986@debbugs.gnu.org; Mon, 14 Aug 2017 13:09:52 -0400 Original-Received: by mail-oi0-f51.google.com with SMTP id e124so90098490oig.2 for <27986@debbugs.gnu.org>; Mon, 14 Aug 2017 10:09:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=vl5vFeLhGgjDAyBh22q0NlPJ/7cfdkV4jC1wHDIZVwI=; b=YyrJrrvN+FvDi5KmGI64uz0jljsPRJAiuBLq6Oh/RTScW9xMD7V4AUgmcTb3JFKtuK t0flzi78FQ5vWiOIqm5zd19D2o+bpbqcnHntXHU1VVvYO7pHAnpb8MVMzpG74jj9BloP ojFtMLWoIaMKuVq5YNYYpyuppg/E4rLzpAr8VzH5p5HTB5zAkaFqAnxfmiLu7P8FeCLE 7Fy/nR98D5g5byQDSqOmkKIX2e+urc3oRB05foeJqDIyg2ElpgMvy9Y8nHIQd3q5pZ8P c+rNV/il5VP5Ah0ojn+hK7QvqD6x9RdweNRgVlJn4qhwmaNEffCnbtHAgvAfk9kUAKj8 L+FA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=vl5vFeLhGgjDAyBh22q0NlPJ/7cfdkV4jC1wHDIZVwI=; b=FPD2IOxS+oJ8HPzVnD01nqM2VKBhzbYeizChby82z8vjo/8HmKGLpiHyntmQwq3lGL BymXpNCa8bAPqVrAQQWgqIvDHSOC7D0kfbl3k9YkMiUEtuJqbn9aAXpFqZHpLmAVrw1U C+uNouaZ2vWAQ+bw+JVyS22rSFqT04XNIKX5tNgGHd4nYd3nFi/+XUnwE4Zg2Q8ogxtK znea8unua32CsPgW0GvWee9JvE+mloCojgvlYwnmG9R4TVNLt4uQAN+GJTbjCrhOy0F+ JMmH/3VbOuMQrrxszuewydA89qGpziNDtTZiKRMZD4GhSAB6ZhR76X4cXLQX+KA9PXGe Tj4w== X-Gm-Message-State: AHYfb5iY6nitQjJHJBWPcQxxTeEnOzW5lyANlkNDxot60jpObAD4fCCt BQ4C0o/X4cHdF8xFdibxUpX5DYzbCQ== X-Received: by 10.202.208.144 with SMTP id j16mr30375051oiy.82.1502730586293; Mon, 14 Aug 2017 10:09:46 -0700 (PDT) In-Reply-To: <83poc8tynu.fsf@gnu.org> X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 208.118.235.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: "bug-gnu-emacs" Xref: news.gmane.org gmane.emacs.bugs:135753 Archived-At: --001a1143b6f2ca0ca40556b9ba63 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Eli Zaretskii schrieb am So., 6. Aug. 2017 um 19:05 Uhr: > > From: Philipp > > Date: Sun, 06 Aug 2017 17:40:18 +0200 > > > > (rename-file "/tmp/emacs/=E1=BA=9E" "/tmp/emacs/=C3=9F") > > nil > > > > Note how `rename-file' has silently overwritten `=C3=9F'. This is beca= use on > > macOS, `=C3=9F' and `=E1=BA=9E' are different file names, but Emacs tre= ats them as > > equal. Probably the test for case-insensitive file names should be > > removed altogether > > Which one? there are two of them. > I guess all of them where correctness would depend on the outcome. > > > (it can't work correctly and introduces a filesystem race) > > It cannot work correctly _because_ of a possible race or because of > some other reasons? If the latter, please elaborate. As this example shows, there are cases where two case-insensitive filenames are considered equivalent by Emacs, but different by the actual filesystem. This is unavoidable, because the definition of "case-insensitive" changes all the time, both in Emacs and in the filesystems. Generally it's impossible to detect whether two filenames would refer to the same file without actually creating the file. And even then the answer depends on how the file is created, see e.g. FILE_FLAG_POSIX_SEMANTICS. So Emacs can't compare filenames and make decisions based on the result upon which the correctness of a critical function depends. Comparing filenames can still be OK for best-effort attempts at giving the user better error messages or similar. > If the former, > then at least on MS-Windows we have a race anyway, because the > underlying system APIs are not atomic. Wouldn't MoveFileExW with MOVE_FILE_REPLACE_EXISTING be atomic? > and `rename-file' should use link(2) + unlink(2) if renameat2 > > isn't available. > > 'link' and 'unlink' accept strings as arguments, not integer numbers > such as 2. > Yes, I mean the functions described in section 2 of the man page. link(2) is a common markup for this. > > More to the point, how can this strategy work on a case-insensitive > filesystem? What am I missing? > IIUC link(2) + unlink(2) would, if successful, guarantee enough atomicity in the sense that the old file is now guaranteed to be the new file, and the call is guaranteed to fail if the new file already exists. I don't think anything can help with the case-changing problem; I think we just have to live with an occasional false positive signal in this case. --001a1143b6f2ca0ca40556b9ba63 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


Eli Za= retskii <eliz@gnu.org> schrieb am= So., 6. Aug. 2017 um 19:05=C2=A0Uhr:
> From: Philipp <p.stephani2@gmail.com>
> Date: Sun, 06 Aug 2017 17:40:18 +0200
>
> (rename-file "/tmp/emacs/=E1=BA=9E" "/tmp/emacs/=C3=9F&= quot;)
> nil
>
> Note how `rename-file' has silently overwritten `=C3=9F'.=C2= =A0 This is because on
> macOS, `=C3=9F' and `=E1=BA=9E' are different file names, but = Emacs treats them as
> equal.=C2=A0 Probably the test for case-insensitive file names should = be
> removed altogether

Which one? there are two of them.

I gue= ss all of them where correctness would depend on the outcome.
=C2= =A0

> (it can't work correctly and introduces a filesystem race)

It cannot work correctly _because_ of a possible race or because of
some other reasons?=C2=A0 If the latter, please elaborate.=C2=A0

As this example shows, there are cases where two case= -insensitive filenames are considered equivalent by Emacs, but different by= the actual filesystem. This is unavoidable, because the definition of &quo= t;case-insensitive" changes all the time, both in Emacs and in the fil= esystems. Generally it's impossible to detect whether two filenames wou= ld refer to the same file without actually creating the file. And even then= the answer depends on how the file is created, see e.g. FILE_FLAG_POSIX_SE= MANTICS. So Emacs can't compare filenames and make decisions based on t= he result upon which the correctness of a critical function depends. Compar= ing filenames can still be OK for best-effort attempts at giving the user b= etter error messages or similar.
=C2=A0
If the former,
then at least on MS-Windows we have a race anyway, because the
underlying system APIs are not atomic.

Woul= dn't MoveFileExW with MOVE_FILE_REPLACE_EXISTING be atomic?
<= br>
> and `rename-file' should use link(2) + unlink(2) if renameat2
> isn't available.

'link' and 'unlink' accept strings as arguments, not intege= r numbers
such as 2.

Yes, I mean the functions de= scribed in section 2 of the man page. link(2) is a common markup for this.<= /div>
=C2=A0

More to the point, how can this strategy work on a case-insensitive
filesystem?=C2=A0 What am I missing?

II= UC link(2) + unlink(2) would, if successful, guarantee enough atomicity in = the sense that the old file is now guaranteed to be the new file, and the c= all is guaranteed to fail if the new file already exists. I don't think= anything can help with the case-changing problem; I think we just have to = live with an occasional false positive signal in this case.=C2=A0
--001a1143b6f2ca0ca40556b9ba63--