GNU bug report logs - #58781
28.2; move-file-to-trash may move file across filesystems

Previous Next

Package: emacs;

Reported by: Gustavo Barros <gusbrs.2016 <at> gmail.com>

Date: Tue, 25 Oct 2022 20:01:02 UTC

Severity: normal

Tags: security

Found in version 28.2

Full log

View this message in rfc822 format

From: Stefan Kangas <stefankangas <at> gmail.com>
To: Gustavo Barros <gusbrs.2016 <at> gmail.com>, 58781 <at> debbugs.gnu.org
Subject: bug#58781: 28.2; move-file-to-trash may move file across filesystems
Date: Tue, 25 Oct 2022 23:22:51 -0700

tags 58781 + security
thanks

Gustavo Barros <gusbrs.2016 <at> gmail.com> writes:

> This means `move-file-to-trash' is technically within specs, since
> "The implementation MAY also support trashing files from the rest of
> the system (including other partitions, shared network resources, and
> removable devices) into the “home trash” directory." I heartily
> disagree though with the "no security issues arise" statement.

Yes, that argument overlooks what happens when files are moved from
encrypted partitions to unencrypted ones.  That is bad.

Maybe someone should bring this issue to the xdg mailing list?

BTW, I also wonder why there is no "xdg-trash" script that we could use.

> And I still think it would be better to support trashing to "top
> directories". Of course, this makes this report a "feature request"
> rather than a "bug".

Agreed, but I don't think this makes it into a non-bug.

> Second, for anyone else half as concerned with this as I am, you may
> be interested in a workaround too. For the time being, I'm using:
>
>     (defun system-move-file-to-trash (filename)
>       (if-let ((exec (executable-find "gio")))
>           (let ((fn (directory-file-name (expand-file-name filename))))
>             (set-process-sentinel
>              (start-process "trash-file" nil exec "trash" fn)
>              (lambda (_proc event)
>                (when (string-match-p "^exited abnormally.*" event)
>                  (message "Sorry, couldn't trash the file.")))))
>         (error "Executable `gio' not found, can't trash file.")))
>
> This is somewhat ad hoc, using the way `move-file-to-trash' is
> constructed to support Windows I suppose, but it gets things done. It
> is system dependent too, but it is a matter of finding the right
> command line incantation for trashing a file in your system to adjust
> things.

Could you write this up as a proper patch, instead?
This bug report was last modified 2 years and 235 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.