GNU bug report logs - #28264
Accessing source directory through symlink produces false warnings

Package: emacs;

Reported by: Glenn Morris <rgm <at> gnu.org>

Date: Mon, 28 Aug 2017 18:26:01 UTC

Severity: normal

Found in version 26.0.50

Done: Paul Eggert <eggert <at> cs.ucla.edu>

Bug is archived. No further changes may be made.

Message #16 received at 28264 <at> debbugs.gnu.org (full text, mbox):

From: Paul Eggert <eggert <at> cs.ucla.edu>
To: Michael Albinus <michael.albinus <at> gmx.de>
Cc: Glenn Morris <rgm <at> gnu.org>, 28264 <at> debbugs.gnu.org
Subject: Re: bug#28264: Accessing source directory through symlink produces
 false warnings
Date: Tue, 29 Aug 2017 19:20:47 -0700
[Message part 1 (text/plain, inline)]
Michael Albinus wrote:

> This special problem does not seem to affect Tramp, tramp-tests tell.

The problem I was thinking of does not seem to be covered by Tramp tests. If, 
for example, I do these shell commands:

$ ln -s "../penguin:motd" /tmp/foo
$ ls -l /tmp/foo
lrwxrwxrwx 1 eggert eggert 15 Aug 29 19:00 /tmp/foo -> ../penguin:motd

then (file-truename "/tmp/foo") returns "/penguin:motd" which is not /tmp/foo's 
true name as far as Emacs file-oriented commands are concerned. Admittedly this 
is an improvement over Emacs 25.2 where the same file-truename call ssh'es into 
penguin to resolve the name, which is a clear security issue. Still, it doesn't 
seem right, if file-truename is expected to quote its result if necessary.

Sorry about all this confusion, but I do not know the general principle that 
Emacs is supposed to be using with file names, and to some extent I fear that 
there isn't one alas.

> However, the following code is unclear to me:
> 
>> +	(concat "/:" file))
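
Review bot: the added `(concat "/:" file)` prepends the quoting prefix unconditionally, so a `file` that already starts with "/:" ends up with the prefix twice and then names a different file. Either guard the call with `file-name-quoted-p` or use `file-name-quote`, which returns an already quoted name unchanged.
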
> 
> What, if file is already quoted? Shouldn't this be
> 
>          (file-name-quote file)

Quite possibly, and I'll take your word for it. I installed the attached.
[0001-Prefer-file-name-quote-to-concat.patch (text/x-patch, attachment)]
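
A defender-side check for the situation described in the message, as an added example that is not part of the original bug report: it lists the symlinks in a directory whose resolved target has the shape of a remote file name. The function names and the "colon in the first path component" test are assumptions made for illustration (the remote-name syntax Emacs actually accepts depends on its version and Tramp configuration), and `readlink -f` is assumed to behave as in GNU coreutils.

```shell
#!/bin/sh
# Added example, not code from the bug report or from Emacs.
# Assumption: a name is "remote-looking" when it is absolute and its first
# component contains ':' (the "/penguin:motd" shape from the message).
# A first component of ":" is flagged too, since "/:" is the quoting prefix.

# Return 0 if the absolute name $1 is remote-looking, 1 otherwise.
looks_remote() {
    case $1 in
        /*)
            first=${1#/}          # drop the leading slash
            first=${first%%/*}    # keep only the first component
            case $first in
                *:*) return 0 ;;
            esac
            ;;
    esac
    return 1
}

# Print "LINK -> RESOLVED" for every symlink directly inside directory $1
# whose resolved name is remote-looking.  The link text itself may be
# relative ("../penguin:motd"); only the resolved name is tested.
scan_links() {
    dir=$1
    for link in "$dir"/* "$dir"/.[!.]*; do
        [ -L "$link" ] || continue
        # readlink -f resolves dangling links as long as the parent exists.
        resolved=$(readlink -f "$link") || continue
        if looks_remote "$resolved"; then
            printf '%s -> %s\n' "$link" "$resolved"
        fi
    done
}

# Usage: sh scan.sh /tmp
if [ "$#" -gt 0 ]; then
    scan_links "$1"
fi
```

Any link it reports is a name that should be quoted with `/:` before being passed back to Emacs file commands.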

This bug report was last modified 7 years and 350 days ago.
