[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#33264: Whitelist vc-follow-symlinks as a safe file variable

From: Lars Ingebrigtsen
Subject: bug#33264: Whitelist vc-follow-symlinks as a safe file variable
Date: Mon, 15 Jul 2019 17:50:26 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux)

Dmitry Gutov <address@hidden> writes:

> I've tried to imagine a security issue stemming from it (e.g. linking
> to an external directory tree with its own dir-locals values, and
> then... what?), but didn't really come up with anything significant.

The doc string says that a nil is "dangerous", but doesn't say what the
danger is:

What to do if visiting a symbolic link to a file under version control.
Editing such a file through the link bypasses the version control system,
which is dangerous and probably not what you want.

If this variable is t, VC follows the link and visits the real file,
telling you about it in the echo area.  If it is ‘ask’, VC asks for
confirmation whether it should follow the link.  If nil, the link is
visited and a warning displayed.

I'm guessing it doesn't really mean "dangerous", but instead "not
optimal in most cases".

Anyway, what would the safe-local values be?  nil, t and ask or just

(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

reply via email to

[Prev in Thread] Current Thread [Next in Thread]