[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#16984: dired-do-rename susceptible to .../~/... hijack
From: |
積丹尼 Dan Jacobson |
Subject: |
bug#16984: dired-do-rename susceptible to .../~/... hijack |
Date: |
Tue, 11 Mar 2014 02:10:07 +0800 |
R runs the command dired-do-rename, which is an interactive autoloaded
compiled Lisp function in `dired-aux.el'.
Using it, I got this strange error:
Move `/home/jidanni/.cpanm/work/1327389327.6650' to `/tmp/1327389327.6650'
failed:
(file-error Opening output file permission denied
/home/jidanni/perl5/lib/perl5/i486-linux-gnu-thread-multi-64int/.meta/accessors-1.01/MYMETA.json)
Well it turns out emacs' file name simplifying rules are being applied
in inappropriate places like when encountering
/home/jidanni/.cpanm/work/1327389327.6650/accessors-1.01/~/perl5/lib/perl5/i486-linux-gnu-thread-multi-64int/.meta/accessors-1.01:
total 16
drwxr-xr-x 2 jidanni 4096 2012-01-24 .
drwxr-xr-x 3 jidanni 4096 2012-01-24 ..
-r--r--r-- 1 jidanni 1374 2012-01-24 MYMETA.json
-r--r--r-- 1 jidanni 456 2012-01-24 install.json
One must use /bin/mv and not dired-do-rename to get the job done right.
One can even think of ways the bad guys could exploit this to chip away
at arbitrary files.
$ apt-cache policy emacs-snapshot
emacs-snapshot:
Installed: 2:20140101-1
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- bug#16984: dired-do-rename susceptible to .../~/... hijack,
積丹尼 Dan Jacobson <=