[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Nano-devel] what is --nofollow good for?
From: |
doark |
Subject: |
Re: [Nano-devel] what is --nofollow good for? |
Date: |
Mon, 1 Feb 2016 09:30:50 -0500 |
On 28 Jan 2016 16:18, Mike Frysinger wrote:
> On 28 Jan 2016 19:54, Benno Schulenberg wrote:
> > On Thu, Jan 28, 2016, at 17:47, Mike Frysinger wrote:
> > > On 28 Jan 2016 10:01, Benno Schulenberg wrote:
> > > > So this hasn't been working for at least twelve years.
> > > > (And why should it? If they want the symlink gone, they
> > > > can simply delete it beforehand. Why should nano do the
> > > > work for them?)
> > >
> > > because when you try to edit files in dirs that others have access
> > > to, you want to make sure a save operation does not get redirected
> > > to a place you did not intend. simply saying "if there's a
> > > symlink, you should delete it first" doesn't help.
> >
> > Okay. However, if the current code were working correctly,
> > then there is a little time between the unlink of the symlink
> > and the open(O_WRONLY | O_CREAT | O_TRUNC) of the file to be
> > written. So there is a window for someone to quickly recreate
> > the symlink. So --nofollow would give a false sense of security.
>
> i'm not suggesting nano works well currently ;). just providing
> a real world example of where this functionality makes sense. if
> you don't want to support it, then so be it.
>
> > Also, is there any other editor that has this feature: overwrite
> > symlinks instead of following them?
>
> no idea
This is just a short list
Editor name Vulnerable Notes
ne Y It's full name is nice editor
nedit Y Yells, screams, but still is vulnerable
libreoffice Y Warns that file has changed, but not how
xemacs Y Warns that file has changed, but not how
adie Y brings up save dialogue every time
Sincerely, David
- Re: [Nano-devel] what is --nofollow good for?,
doark <=