[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#27986: 26.0.50; 'rename-file' can rename files without confirmation
From: |
Eli Zaretskii |
Subject: |
bug#27986: 26.0.50; 'rename-file' can rename files without confirmation |
Date: |
Wed, 16 Aug 2017 20:30:44 +0300 |
> Cc: p.stephani2@gmail.com, 27986@debbugs.gnu.org
> From: Paul Eggert <eggert@cs.ucla.edu>
> Date: Wed, 16 Aug 2017 10:19:35 -0700
>
> > What's more, some of the use cases will not even
> > signal an error after the change, they will instead silently do
> > something different from the previous versions, which is really bad.
>
> This should be quite rare. The only scenario I see matching your concern is
> if
> the source is a directory, the destination is not a directory name but is an
> empty directory and is not a symlink, and the destination is not a descendant
> of
> the source. Although not impossible, this will happen so rarely that it
> doesn't
> invalidate the proposed change.
I don't think we know how rare that is. And if it is very rare, I'm
not sure it's better, because it means such problems might go
unnoticed and/or unfixed for years.
> I've looked at this issue fairly carefully, and I'm afraid the solution I've
> proposed is the best way forward if we want to close the security hole in
> Emacs.
Let's hear more opinions, okay?
- bug#27986: 26.0.50; 'rename-file' can rename files without confirmation, (continued)
- bug#27986: 26.0.50; 'rename-file' can rename files without confirmation, Eli Zaretskii, 2017/08/15
- bug#27986: 26.0.50; 'rename-file' can rename files without confirmation, Paul Eggert, 2017/08/15
- bug#27986: 26.0.50; 'rename-file' can rename files without confirmation, Eli Zaretskii, 2017/08/15
- bug#27986: 26.0.50; 'rename-file' can rename files without confirmation, Paul Eggert, 2017/08/15
- bug#27986: 26.0.50; 'rename-file' can rename files without confirmation, Eli Zaretskii, 2017/08/15
- bug#27986: 26.0.50; 'rename-file' can rename files without confirmation, Paul Eggert, 2017/08/16
- bug#27986: 26.0.50; 'rename-file' can rename files without confirmation, Eli Zaretskii, 2017/08/16
- bug#27986: 26.0.50; 'rename-file' can rename files without confirmation, Paul Eggert, 2017/08/16
- bug#27986: 26.0.50; 'rename-file' can rename files without confirmation, Eli Zaretskii, 2017/08/16
- bug#27986: 26.0.50; 'rename-file' can rename files without confirmation, Paul Eggert, 2017/08/16
- bug#27986: 26.0.50; 'rename-file' can rename files without confirmation,
Eli Zaretskii <=
- bug#27986: 26.0.50; 'rename-file' can rename files without confirmation, Glenn Morris, 2017/08/16
- bug#27986: 26.0.50; 'rename-file' can rename files without confirmation, Stefan Monnier, 2017/08/16
- bug#27986: 26.0.50; 'rename-file' can rename files without confirmation, Paul Eggert, 2017/08/16
- bug#27986: 26.0.50; 'rename-file' can rename files without confirmation, Stefan Monnier, 2017/08/16
- bug#27986: 26.0.50; 'rename-file' can rename files without confirmation, Eli Zaretskii, 2017/08/19
bug#27986: 26.0.50; 'rename-file' can rename files without confirmation, Paul Eggert, 2017/08/13
bug#27986: 26.0.50; 'rename-file' can rename files without confirmation, Eli Zaretskii, 2017/08/14
bug#27986: 26.0.50; 'rename-file' can rename files without confirmation, Eli Zaretskii, 2017/08/14