bug#27986: 26.0.50; 'rename-file' can rename files without confirmation

bug-gnu-emacs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#27986: 26.0.50; 'rename-file' can rename files without confirmation

From:	Eli Zaretskii
Subject:	bug#27986: 26.0.50; 'rename-file' can rename files without confirmation
Date:	Wed, 16 Aug 2017 20:30:44 +0300

> Cc: p.stephani2@gmail.com, 27986@debbugs.gnu.org
> From: Paul Eggert <eggert@cs.ucla.edu>
> Date: Wed, 16 Aug 2017 10:19:35 -0700
> 
> > What's more, some of the use cases will not even
> > signal an error after the change, they will instead silently do
> > something different from the previous versions, which is really bad.
> 
> This should be quite rare. The only scenario I see matching your concern is 
> if 
> the source is a directory, the destination is not a directory name but is an 
> empty directory and is not a symlink, and the destination is not a descendant 
> of 
> the source. Although not impossible, this will happen so rarely that it 
> doesn't 
> invalidate the proposed change.

I don't think we know how rare that is.  And if it is very rare, I'm
not sure it's better, because it means such problems might go
unnoticed and/or unfixed for years.

> I've looked at this issue fairly carefully, and I'm afraid the solution I've 
> proposed is the best way forward if we want to close the security hole in 
> Emacs.

Let's hear more opinions, okay?

[Prev in Thread]

Current Thread

[Next in Thread]

bug#27986: 26.0.50; 'rename-file' can rename files without confirmation, (continued)

Prev by Date: bug#21376: 25.0.50; Python tests fail on MS-Windows -- issues with the prompt
Next by Date: bug#28098: 26.0.50; bad C fontification
Previous by thread: bug#27986: 26.0.50; 'rename-file' can rename files without confirmation
Next by thread: bug#27986: 26.0.50; 'rename-file' can rename files without confirmation
Index(es):
- Date
- Thread