GNU bug report logs - #27986
26.0.50; `rename-file' can rename files without confirmation


Package: emacs;

Reported by: Philipp <p.stephani2 <at> gmail.com>

Date: Sun, 6 Aug 2017 15:41:02 UTC

Severity: important

Tags: security

Found in version 26.0.50

Done: Paul Eggert <eggert <at> cs.ucla.edu>

Bug is archived. No further changes may be made.


From: Eli Zaretskii <eliz <at> gnu.org>
To: Paul Eggert <eggert <at> cs.ucla.edu>, John Wiegley <johnw <at> gnu.org>, Stefan Monnier <monnier <at> iro.umontreal.ca>
Cc: p.stephani2 <at> gmail.com, 27986 <at> debbugs.gnu.org, rms <at> gnu.org
Subject: bug#27986: 26.0.50; 'rename-file' can rename files without confirmation
Date: Wed, 16 Aug 2017 20:30:44 +0300

> Cc: p.stephani2 <at> gmail.com, 27986 <at> debbugs.gnu.org
> From: Paul Eggert <eggert <at> cs.ucla.edu>
> Date: Wed, 16 Aug 2017 10:19:35 -0700
> 
> > What's more, some of the use cases will not even
> > signal an error after the change, they will instead silently do
> > something different from the previous versions, which is really bad.
> 
> This should be quite rare. The only scenario I see matching your concern is if 
> the source is a directory, the destination is not a directory name but is an 
> empty directory and is not a symlink, and the destination is not a descendant of 
> the source. Although not impossible, this will happen so rarely that it doesn't 
> invalidate the proposed change.

I don't think we know how rare that is.  And if it is very rare, I'm
not sure it's better, because it means such problems might go
unnoticed and/or unfixed for years.

> I've looked at this issue fairly carefully, and I'm afraid the solution I've 
> proposed is the best way forward if we want to close the security hole in Emacs.

Let's hear more opinions, okay?




This bug report was last modified 7 years and 257 days ago.
