|
From: | Paul Eggert |
Subject: | bug#27986: 26.0.50; 'rename-file' can rename files without confirmation |
Date: | Sun, 13 Aug 2017 15:42:05 -0700 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1 |
Paul Eggert wrote:
there are races on GNU/Linux which can lead to potential security problems. Perhaps we can't fix these races on MS-Windows but we should be able to fix them on a GNUish host. However, we will need to change the semantics of rename-file etc. slightly, since no single system call supports the cp-like target rewriting of these functions. I have a fix in mind to do that in a hopefully compatible-enough way, which I'll try to propose soon. I'll keep case-insensitive file systems in mind when I do that.
Attached is a proposed patch to fix this security problem. If I understand things correctly, the fix should work on MS-Windows and on case-insensitive file systems. Since this patch entails an incompatible change to the (undocumented) behavior of (rename-file A B) when B is a directory but is not a directory name, I'll mention the proposed change on emacs-devel.
0001-Fix-race-with-rename-file-etc.-with-dir-NEWNAME.patch
Description: Text Data
[Prev in Thread] | Current Thread | [Next in Thread] |