GNU bug report logs - #47058
28.0.50; Dired Z: insert-directory: Reading directory: No such file or directory, CrossLine_linux_x86

Previous Next

Package: emacs;

Reported by: Jean Louis <bugs <at> gnu.support>

Date: Wed, 10 Mar 2021 20:31:01 UTC

Severity: minor

Found in version 28.0.50

Fixed in version 30.1

Done: Eli Zaretskii <eliz <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Lars Ingebrigtsen <larsi <at> gnus.org>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: "Michalis V." <mvar.40k <at> gmail.com>, mcenturion <at> fing.edu.uy, 47058 <at> debbugs.gnu.org, arthur.miller <at> live.com
Subject: bug#47058: 28.0.50; Dired Z: insert-directory: Reading directory: No such file or directory, CrossLine_linux_x86
Date: Tue, 21 Sep 2021 19:10:09 +0200

Eli Zaretskii <eliz <at> gnu.org> writes:

> That's a separate issue.  And I don't see how is it a security issue
> for Emacs, when unpacking an archive manually with 'tar' etc. would
> produce the same results.  If the user wants to overwrite his/her
> sensitive files, we should let them do it, in the same way as other
> utilities do.  But that's MO, and it is a separate concern anyway.

It's an Emacs security issue because we make it so easy to unpack these
tar files.  We should ideally inspect the file first and see whether
it's an adversarial tar file first, and then prompt the user for what to
do.

> I'm okay with having a separate command for unpacking, yes.  We'd need
> to provide a backward-compatibility option if we do that, since 'Z'
> unpacks for some time now.

Separate commands here would be good; yes.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no
This bug report was last modified 364 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.