GNU bug report logs - #33264
Whitelist vc-follow-symlinks as a safe file variable

Package: emacs

Reported by: "Eugene J." <w3techplayground <at> gmail.com>

Date: Mon, 5 Nov 2018 02:56:01 UTC

Severity: wishlist

Fixed in version 29.1

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.


From: Lars Ingebrigtsen <larsi <at> gnus.org>
To: Dmitry Gutov <dgutov <at> yandex.ru>
Cc: "Eugene J." <w3techplayground <at> gmail.com>, 33264 <at> debbugs.gnu.org
Subject: bug#33264: Whitelist vc-follow-symlinks as a safe file variable
Date: Mon, 15 Jul 2019 17:50:26 +0200

Dmitry Gutov <dgutov <at> yandex.ru> writes:

> I've tried to imagine a security issue stemming from it (e.g. linking
> to an external directory tree with its own dir-locals values, and
> then... what?), but didn't really come up with anything significant.

The doc string says that a nil is "dangerous", but doesn't say what the
danger is:

---
What to do if visiting a symbolic link to a file under version control.
Editing such a file through the link bypasses the version control system,
which is dangerous and probably not what you want.

If this variable is t, VC follows the link and visits the real file,
telling you about it in the echo area.  If it is ‘ask’, VC asks for
confirmation whether it should follow the link.  If nil, the link is
visited and a warning displayed.
---

I'm guessing it doesn't really mean "dangerous", but instead "not
optimal in most cases".

Anyway, what would the safe-local values be?  nil, t and ask or just
nil?

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no




This bug report was last modified 3 years and 202 days ago.


GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.