GNU bug report logs - #27986
26.0.50; `rename-file' can rename files without confirmation

Previous Next

Package: emacs;

Reported by: Philipp <p.stephani2 <at> gmail.com>

Date: Sun, 6 Aug 2017 15:41:02 UTC

Severity: important

Tags: security

Found in version 26.0.50

Done: Paul Eggert <eggert <at> cs.ucla.edu>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Ken Brown <kbrown <at> cornell.edu>
To: Paul Eggert <eggert <at> cs.ucla.edu>, Philipp Stephani <p.stephani2 <at> gmail.com>, Eli Zaretskii <eliz <at> gnu.org>
Cc: 27986 <at> debbugs.gnu.org
Subject: bug#27986: 26.0.50; 'rename-file' can rename files without confirmation
Date: Wed, 16 Aug 2017 15:33:31 -0400

On 8/14/2017 7:03 PM, Paul Eggert wrote
> Now that renameat_noreplace works on DOS_NT, would it make sense to 
> apply the attached further patch as well? If we can get 
> renameat_noreplace to work on Cygwin the we could simplify the fileio.c 
> code even further.

I'm in the process of writing an implementation of something like 
'renameat2', which I'll submit to the Cygwin developers.  Even if it's 
accepted, however, I think we'll still need to retain the 
case-insensitivity test for users of old versions of Cygwin, unless 
there's a decision to remove that because of the security concerns 
currently being discussed.

Ken

This bug report was last modified 7 years and 257 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #27986 26.0.50; `rename-file' can rename files without confirmation

GNU bug report logs - #27986
26.0.50; `rename-file' can rename files without confirmation