|
| From: | Paul Eggert |
| Subject: | Re: Signaling an error while saving files due to file-extended-attributes |
| Date: | Tue, 29 Sep 2020 09:58:19 -0700 |
| User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 |
On 9/29/20 8:29 AM, Eli Zaretskii wrote:
This is probably OK for the primitives that access the extended attributes, but what about their calls during saving a buffer to its file? Signaling an error there effectively prevents users from saving their edits in such cases, which IMO makes little sense.
The same thing happens if file-modes signals an error, which can happen if there is an I/O error, or if someone else has removed the file while Emacs is running, or whatever. Surely a file-extended-attributes error should be treated like a file-modes error?
The worry about ignoring errors is that the user will create a file that contains sensitive data but which has too-generous access permissions because we couldn't determine permissions.
One possible solution would be to use the stingiest permissions on the backup file if we cannot determine the permissions of the original. This would be mode 700 (with no setuid etc. bits) for POSIX modes; I don't know offhand what it would be for ACLs or for SELinux. Emacs should warn the user if it does this, presumably.
| [Prev in Thread] | Current Thread | [Next in Thread] |