emacs-orgmode
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [BUG] Tangle with symbolic links don't work

From: Max Nikulin
Subject: Re: [BUG] Tangle with symbolic links don't work
Date: Tue, 7 Nov 2023 17:55:49 +0700
User-agent: Mozilla Thunderbird 
On 06/11/2023 23:17, Ihor Radchenko wrote:

Cletip Cletip writes:


I have an Org file, test.org, from which I tangle code blocks into test.py.
The complication arises because test.py is a symbolic link.
I suggest to change your workflow to not depend on particular means to write tangled files. Perhaps you may set tangle directory. Unfortunately the description is too concise to figure out if it would be convenient enough. 


Max, do you see any pitfalls using `file-truename'?
Sorry, I am not familiar with related code path. That is why I can not reason what way to deal with file name is safer.
If there is a world-writable directory in the file path (usually $TMPDIR) then `file-truename' is less safe, see https://www.kernel.org/doc/html/latest/admin-guide/sysctl/fs.html#protected-symlinks 

echo content >/home/ubuntu/tmp/file.txt
ls -l /home/ubuntu/tmp/file.txt
-rw-r--r-- 1 ubuntu ubuntu 8 Nov  7 17:29 /home/ubuntu/tmp/file.txt

ls -l /tmp/ln
lrwxrwxrwx 1 test test 25 Nov  7 17:10 /tmp/ln -> /home/ubuntu/tmp/file.txt

Notice different owner of the symlink.

echo overwrite >/tmp/ln
bash: /tmp/ln: Permission denied

cat /home/ubuntu/tmp/file.txt
content

`file-truename':

echo overwrite>"$(readlink -f /tmp/ln)"
cat /home/ubuntu/tmp/file.txt
overwrite

/usr/sbin/sysctl fs.protected_symlinks
fs.protected_symlinks = 1
In general, I am never sure that Org code follows best practices in respect to security in general and in respect to /tmp in particular. The following citation is unrelated to /tmp, but the same proposed patch has an issue with predictable name in /tmp:
Visuwesh… Re: [BUG] [PATCH] Add yank-media and DND handler. Wed, 27 Sep 2023 13:59:49 +0530. https://list.orgmode.org/878r8sj9xe.fsf@gmail.com 
That would be quite annoying IMO.  I say we let the user shoot
themselves in the foot.
Even when /tmp or similar directories are not involved, a proper strategy to replace file content should be carefully chosen. E.g. cp(1) preserves inode number while install(1) replaces target file atomically (create a temporary one and rename). The latter way is more suitable for shared libraries since it allows running application to continue call function from the deleted file.
I know, it is not an answer you expected from me, but giving a better one require to much efforts to read the code and to debug it.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]