Hello!

Sorry to bring up the subject again, but I didn't quite understand what the solution was: should I modify the function? Is it modified in a new version of org-mode?

Thank you in advance for your response.

On Tue, 7 Nov 2023 at 12:28, Ihor Radchenko wrote:

> Max Nikulin writes:
>
> >> Max, do you see any pitfalls using `file-truename'?
> >
> > Sorry, I am not familiar with related code path. That is why I cannot
> > reason what way to deal with file name is safer.
> >
> > If there is a world-writable directory in the file path (usually
> > $TMPDIR) then `file-truename' is less safe, see
> > https://www.kernel.org/doc/html/latest/admin-guide/sysctl/fs.html#protected-symlinks
>
> Thanks!
>
> > In general, I am never sure that Org code follows best practices in
> > respect to security in general and in respect to /tmp in particular. The
> > following citation is unrelated to /tmp, but the same proposed patch has
> > an issue with predictable name in /tmp:
>
> We have to compromise between usability and safety... but probably not
> in this case.
>
> > Even when /tmp or similar directories are not involved, a proper
> > strategy to replace file content should be carefully chosen. E.g. cp(1)
> > preserves inode number while install(1) replaces target file atomically
> > (create a temporary one and rename). The latter way is more suitable for
> > shared libraries since it allows a running application to continue calling
> > functions from the deleted file.
>
> What we actually use is Elisp API. For export and tangling, we use
> `write-region' - it correctly handles TRAMP files with lower-level
> details taken care of.
>
> I can now see that blindly expanding to `file-truename' may not be wise.
>
> Without `file-truename', the difference between ox.el (that works for
> Cletip) and ob-tangle.el is that ob-tangle explicitly deletes the tangle
> target before tangling:
>
> `org-babel-tangle':
>
>     ;; erase previous file
>     (when (file-exists-p file-name)
>       (delete-file file-name))
>     (write-region nil nil file-name)
>     (mapc (lambda (mode) (set-file-modes file-name mode))
>           modes)
>
> Rather than using `file-truename', we may instead remove the
> `delete-file' part. This way, we will not risk changing file modes in
> the original files and always modify the symlink, if the tangle target
> is an existing symlink.
>
> > I know, it is not an answer you expected from me, but giving a better
> > one requires too much effort to read the code and to debug it.
>
> It is exactly an answer I expected, actually :)
>
> --
> Ihor Radchenko // yantar92,
> Org mode contributor,
> Learn more about Org mode at .
> Support Org development at ,
> or support my work at
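
Added example, not part of the original thread and not Org's own code: a small Emacs Lisp check of the two write strategies discussed above (delete the tangle target first versus writing with `write-region' alone) when the target is an existing symlink. The `demo-*' function names and the file names are hypothetical, and the code assumes a POSIX system where Emacs can create symlinks; it works in a private temporary directory rather than a predictable name in /tmp.

```elisp
;;; -*- lexical-binding: t; -*-
;; Added illustration, not Org code.  `demo-tangle-write' is a hypothetical
;; stand-in for the write step quoted from `org-babel-tangle'.

(defun demo-tangle-write (file-name content delete-first)
  "Write CONTENT to FILE-NAME; when DELETE-FIRST, erase FILE-NAME first."
  (when (and delete-first (file-exists-p file-name))
    ;; On a symlink this removes the link itself, not the file it points to.
    (delete-file file-name))
  ;; A string as START makes `write-region' write that string.
  (write-region content nil file-name nil 'silent))

(defun demo-read (file)
  "Return the contents of FILE as a string."
  (with-temp-buffer
    (insert-file-contents file)
    (buffer-string)))

(defun demo-symlink-target-case (delete-first)
  "Tangle onto a symlink inside a private temp dir and report the outcome.
Return a plist with :link-still-symlink and :target-content."
  (let* ((dir (make-temp-file "tangle-demo-" t)) ; fresh directory, owner-only
         (target (expand-file-name "real.conf" dir))    ; constructed name
         (link (expand-file-name "tangled.conf" dir)))  ; constructed name
    (unwind-protect
        (progn
          (write-region "old\n" nil target nil 'silent)
          (make-symbolic-link target link)
          (demo-tangle-write link "new\n" delete-first)
          (list :link-still-symlink (and (file-symlink-p link) t)
                :target-content (demo-read target)))
      (delete-directory dir t))))

;; Run both strategies and compare the plists in *Messages*.
(message "delete-file first: %S" (demo-symlink-target-case t))
(message "write-region only: %S" (demo-symlink-target-case nil))
```

Evaluate the buffer with M-x eval-buffer and compare the two plists: they show whether the link survives and whether the new content reaches the file the link points to.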