GNU bug report logs - #11912
24.1; 'M' in Dired on a symlink does not refresh the display

Package: emacs;

Reported by: Eli Zaretskii <eliz <at> gnu.org>

Date: Wed, 11 Jul 2012 16:45:01 UTC

Severity: minor

Found in version 24.1

View this message in rfc822 format

From: Lars Ingebrigtsen <larsi <at> gnus.org>
To: Paul Eggert <eggert <at> cs.ucla.edu>
Cc: "Michalis V." <mvar.40k <at> gmail.com>, 11912 <at> debbugs.gnu.org, Eli Zaretskii <eliz <at> gnu.org>
Subject: bug#11912: 24.1; 'M' in Dired on a symlink does not refresh the display
Date: Wed, 25 Aug 2021 12:57:56 +0200

Paul Eggert <eggert <at> cs.ucla.edu> writes:

> * I neglected to document this behavior change, so I just now
>   installed the attached to fix that oversight.

I understand the security-related reasons for changing the `M' command,
but I'm wondering whether they are weighty enough to make it more
inconvenient for the user to use symlinks in Emacs.

The reasoning is that an attacker may control a symlink and make it
point to somewhere else.  So I may have 

  lrwxrwxrwx  1 evil      evil         17 Aug 25 12:52 foosym -> /tmp/IMG_4475.JPG

in my dired buffer, and then "evil" changes the link to point to
somewhere else, and then I say `M' on the link, and then I operated on
the wrong file.

However, on the command line, chmod is fine with following symlinks, so
the user can just `! chmod 0444' instead, and the same will happen.

So is inconveniencing people who are using the `M' command worth it?

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

This bug report was last modified 3 years and 328 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #11912 24.1; 'M' in Dired on a symlink does not refresh the display

GNU bug report logs - #11912
24.1; 'M' in Dired on a symlink does not refresh the display