GNU bug report logs - #27986
26.0.50; `rename-file' can rename files without confirmation

Previous Next

Package: emacs;

Reported by: Philipp <p.stephani2 <at> gmail.com>

Date: Sun, 6 Aug 2017 15:41:02 UTC

Severity: important

Tags: security

Found in version 26.0.50

Done: Paul Eggert <eggert <at> cs.ucla.edu>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Paul Eggert <eggert <at> cs.ucla.edu>
To: Stefan Monnier <monnier <at> IRO.UMontreal.CA>, Eli Zaretskii <eliz <at> gnu.org>
Cc: 27986 <at> debbugs.gnu.org, p.stephani2 <at> gmail.com, John Wiegley <johnw <at> gnu.org>, rms <at> gnu.org
Subject: bug#27986: 26.0.50; 'rename-file' can rename files without confirmation
Date: Wed, 16 Aug 2017 16:56:48 -0700

On 08/16/2017 03:31 PM, Stefan Monnier wrote:
>>> This should be quite rare.  The only scenario I see matching your
>>> concern is if the source is a directory, the destination is not
>>> a directory name but is an empty directory and is not a symlink, and
>>> the destination is not a descendant of  the source.  Although not
>>> impossible, this will happen so rarely that it doesn't invalidate
>>> the proposed change.
> Paul's suggestion makes a lot of sense to me, but I don't quite
> understand the above: why does the emptiness of the destination
> directory matter?

It's because the system call rename(A,B) always fails when B is a 
nonempty directory. Hence the proposed (rename-file A B) will fail if B 
is not a directory name but happens to name a nonempty directory, and 
therefore rename-file noisily fails instead of silently behaving 
differently in this case (which was Eli's concern). Conversely, if B is 
an empty directory then rename(A,B) can succeed (and thereby remove the 
old B) if all the other conditions are met.
This bug report was last modified 7 years and 257 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.