Re: [BUG] Tangle with symbolic links don't work

[Cletip Cletip <clement020302@gmail.com>]

[-- Attachment #1: Type: text/plain, Size: 3012 bytes --]

Hello !

Sorry to bring up the subject again, but I didn't quite understand what the
solution was: should I modify the function ? Is it modified in a new
version of org-mode ?

Thank you in advance for your response.

Le mar. 7 nov. 2023 à 12:28, Ihor Radchenko <yantar92@posteo.net> a écrit :

> Max Nikulin <manikulin@gmail.com> writes:
>
> >> Max, do you see any pitfalls using `file-truename'?
> >
> > Sorry, I am not familiar with related code path. That is why I can not
> > reason what way to deal with file name is safer.
> >
> > If there is a world-writable directory in the file path (usually
> > $TMPDIR) then `file-truename' is less safe, see
> >
> https://www.kernel.org/doc/html/latest/admin-guide/sysctl/fs.html#protected-symlinks
>
> Thanks!
>
> > In general, I am never sure that Org code follows best practices in
> > respect to security in general and in respect to /tmp in particular. The
> > following citation is unrelated to /tmp, but the same proposed patch has
> > an issue with predictable name in /tmp:
>
> We have to compromise between usability and safety... but probably not
> in this case.
>
> > Even when /tmp or similar directories are not involved, a proper
> > strategy to replace file content should be carefully chosen. E.g. cp(1)
> > preserves inode number while install(1) replaces target file atomically
> > (create a temporary one and rename). The latter way is more suitable for
> > shared libraries since it allows running application to continue call
> > function from the deleted file.
>
> What we actually use is Elisp API. For export and tangling, we use
> `write-region' - it correctly handles TRAMP files with lower-level
> details taken care of.
>
> I can now see that blindly expanding to `file-truename' may not be wise.
>
> Without `file-truename', the difference between ox.el (that works for
> Cletip) and ob-tangle.el is that ob-tangle explicitly deletes the tangle
> target before tangling:
>
> `org-babel-tangle':
>
>                      ;; erase previous file
>                      (when (file-exists-p file-name)
>                        (delete-file file-name))
>                      (write-region nil nil file-name)
>                      (mapc (lambda (mode) (set-file-modes file-name mode))
> modes)
>
> Rather than using `file-truename', we may instead remove the
> `delete-file' part. This way, we will not risk changing file modes in
> the original files and always modify the symlink, if the tangle target
> is an existing symlink.
>
> > I know, it is not an answer you expected from me, but giving a better
> > one require to much efforts to read the code and to debug it.
>
> It is exactly an answer I expected, actually :)
>
> --
> Ihor Radchenko // yantar92,
> Org mode contributor,
> Learn more about Org mode at <https://orgmode.org/>.
> Support Org development at <https://liberapay.com/org-mode>,
> or support my work at <https://liberapay.com/yantar92>
>

[-- Attachment #2: Type: text/html, Size: 4066 bytes --]