emacs-orgmode
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [BUG] Tangle with symbolic links don't work

From: Cletip Cletip
Subject: Re: [BUG] Tangle with symbolic links don't work
Date: Mon, 20 Nov 2023 10:55:51 +0100
Hello !

Sorry to bring up the subject again, but I didn't quite understand what the solution was: should I modify the function ? Is it modified in a new version of org-mode ? 

Thank you in advance for your response.

Le mar. 7 nov. 2023 à 12:28, Ihor Radchenko <yantar92@posteo.net> a écrit :
Max Nikulin <manikulin@gmail.com> writes:

>> Max, do you see any pitfalls using `file-truename'?
>
> Sorry, I am not familiar with related code path. That is why I can not
> reason what way to deal with file name is safer.
>
> If there is a world-writable directory in the file path (usually
> $TMPDIR) then `file-truename' is less safe, see
> https://www.kernel.org/doc/html/latest/admin-guide/sysctl/fs.html#protected-symlinks

Thanks!

> In general, I am never sure that Org code follows best practices in
> respect to security in general and in respect to /tmp in particular. The
> following citation is unrelated to /tmp, but the same proposed patch has
> an issue with predictable name in /tmp:

We have to compromise between usability and safety... but probably not
in this case.

> Even when /tmp or similar directories are not involved, a proper
> strategy to replace file content should be carefully chosen. E.g. cp(1)
> preserves inode number while install(1) replaces target file atomically
> (create a temporary one and rename). The latter way is more suitable for
> shared libraries since it allows running application to continue call
> function from the deleted file.

What we actually use is Elisp API. For export and tangling, we use
`write-region' - it correctly handles TRAMP files with lower-level
details taken care of.

I can now see that blindly expanding to `file-truename' may not be wise.

Without `file-truename', the difference between ox.el (that works for
Cletip) and ob-tangle.el is that ob-tangle explicitly deletes the tangle
target before tangling:

`org-babel-tangle':

                     ;; erase previous file
                     (when (file-exists-p file-name)
                       (delete-file file-name))
                     (write-region nil nil file-name)
                     (mapc (lambda (mode) (set-file-modes file-name mode)) modes)

Rather than using `file-truename', we may instead remove the
`delete-file' part. This way, we will not risk changing file modes in
the original files and always modify the symlink, if the tangle target
is an existing symlink.

> I know, it is not an answer you expected from me, but giving a better
> one require to much efforts to read the code and to debug it.

It is exactly an answer I expected, actually :)

--
Ihor Radchenko // yantar92,
Org mode contributor,
Learn more about Org mode at <https://orgmode.org/>.
Support Org development at <https://liberapay.com/org-mode>,
or support my work at <https://liberapay.com/yantar92>
reply via email to
[Prev in Thread] Current Thread [Next in Thread]