From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp10.migadu.com ([2001:41d0:303:e224::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms8.migadu.com with LMTPS id kHQEM+sXSmVk0wAAG6o9tA:P1 (envelope-from ) for ; Tue, 07 Nov 2023 11:56:44 +0100 Received: from aspmx1.migadu.com ([2001:41d0:303:e224::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp10.migadu.com with LMTPS id kHQEM+sXSmVk0wAAG6o9tA (envelope-from ) for ; Tue, 07 Nov 2023 11:56:43 +0100 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 87F3D15C8A for ; Tue, 7 Nov 2023 11:56:43 +0100 (CET) Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20230601 header.b=fwsXH+qb; dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none); spf=pass (aspmx1.migadu.com: domain of "emacs-orgmode-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="emacs-orgmode-bounces+larch=yhetil.org@gnu.org" ARC-Seal: i=1; s=key1; d=yhetil.org; t=1699354603; a=rsa-sha256; cv=none; b=cQe4qvjNkzF/j9tQ6UD/+9zpKa6nulU/98SY8EO64jsqKylu6iiUfCUjBrAxBHANmJsYc1 PKbXAO5xqA1ET8wTvOdXDX6VsiTS/dN40qsjcD4ItSaH/8WCGIP7wkGnyBdbiSmMxiRvIp hSylM4h9IuFYJaNwE5sgzwx98pzOTKdrxkjyBjDgQh8w3IFZJjhCJax9YnLZUdhnNuuGc1 kAjNMLSieLh+dT43CWJdRf8eLOaXA529YZkyEvuhgJ2ue9tK8VHDm1UjnPrgJUVpvdHEPz ftd5aI5RCZDM0pCHkzRiRlRgUEOtDnyJL/MQB4XEcBCuETpswXlwmSTqi1soIA== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20230601 header.b=fwsXH+qb; dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none); spf=pass (aspmx1.migadu.com: domain of "emacs-orgmode-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="emacs-orgmode-bounces+larch=yhetil.org@gnu.org" ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1699354603; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=22GLFt7FAH0o4i6rYKBapNjMmzkUfpxCAkBqJM0Kku0=; b=ELawzNtEmiG9+rAKvVDEGMiqXRm4VovtrKSe/7HIYAzREEIIwxTigO1hLAKm5bPyZeCJuL +5/zd6dZKgrsavK/2rsGB17Z/MWOdkbOf8ahOCDVKbrRAbCRa795AyH+U0ZAKTCnAzLm0o k4UQfm4y4Sm7hNHeG4SCFAWrKivGqqgNqWEp6ELx+b9AU9qAFqWNpMD1eEdbsrYY16c6vR cZwipoUkT6sd0NxJzOymzPpa75A0Z6+3zT8ww2b+b937RFe7T6cAw/NLqTXe3JbnLQ0m+9 AGNWpm7BKYgNzduUjQpNSpLXUTwPq7MLZa6f0ruhQ4R7EyHsTYHhFUcEbjLXFw== Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1r0Jki-0006Lw-3e; Tue, 07 Nov 2023 05:56:12 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1r0Jkc-0006HJ-LP for emacs-orgmode@gnu.org; Tue, 07 Nov 2023 05:56:08 -0500 Received: from mail-lf1-x12b.google.com ([2a00:1450:4864:20::12b]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1r0JkZ-00038o-8x for emacs-orgmode@gnu.org; Tue, 07 Nov 2023 05:56:06 -0500 Received: by mail-lf1-x12b.google.com with SMTP id 2adb3069b0e04-507a5f2193bso5933469e87.1 for ; Tue, 07 Nov 2023 02:55:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1699354552; x=1699959352; darn=gnu.org; h=content-transfer-encoding:in-reply-to:mail-followup-to:from :content-language:references:cc:to:subject:user-agent:mime-version :date:message-id:sender:from:to:cc:subject:date:message-id:reply-to; bh=22GLFt7FAH0o4i6rYKBapNjMmzkUfpxCAkBqJM0Kku0=; b=fwsXH+qbvcZc4eDC7kVKsE4JhwlSgp5XDdWGI+S574gbzKZ8jobRlZW3hyVbD6BhCc 2F/J1OdMYLcaNypB/r+YcSs1UE9EJ6rMo5AWmkH43obl0gGutEfZMiFsPundp4sdIB55 TyDBWiRj/apMdBpd/Q6f8Ey7x2Xh7C1FJy+/R4oGo0xqco5OBlJhoCyZj+93Iwg3RceN ZXg4LYGvFbgmRHk4vvxaLegYECEvyxymFPy9ngPCEEEovyqKO9LTlfacDM9oXxYxFlNu uA9UzSMJIY+vHDpoUESW9TTyHoxCiH2nF0kaXqeQxL/u8BgOpjyimlJzRj9Tao4WchTy bCCw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1699354552; x=1699959352; h=content-transfer-encoding:in-reply-to:mail-followup-to:from :content-language:references:cc:to:subject:user-agent:mime-version :date:message-id:sender:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=22GLFt7FAH0o4i6rYKBapNjMmzkUfpxCAkBqJM0Kku0=; b=qU3vXnq25gRLOkc1JikKPDKvkstGC+R/FJ/hkf+FiibeTCqjClH3reW/x3l/NNTHBs zhOs0ikhKRtIgY9fmRhvN7BxPxtBLOViw7qLZ/N+lgyxC7hlTextUwGqjwLsAHPK2QtZ iGpeZpYDi3meUcxSpMAxQt+4BdSiA1pMYf/VSxyCxa4gfC/mGnyqrrBrHrDIpDGkb8f0 hpyzg7amx0TVxiawmgxW58zay1cFuMupKXD/EJm33JyX2QDau1NyjI00Fk0JcrOqyQmU i6rCSzCpDBdQdO5enKHcSw/lxHcxuonV8JJ9EDuqPYs+DFj9kMYNy/VBsYJNRgrVvlLb OMIQ== X-Gm-Message-State: AOJu0YydCSVi5treyY0Vm4BIX0v+OXHoCYr//QPYePIzyVfqMTio/SK+ Qfzy2qupkE7bNdkjgnjttojL6yVoemg= X-Google-Smtp-Source: AGHT+IHLbk8fswM3tHcNo0IMEntpBbD7eH7gYhwkYSWqr3Xe/Pn/Ttr//T4fsVVAZdz0Q+iaPVYYlg== X-Received: by 2002:a19:6418:0:b0:509:39fa:90d5 with SMTP id y24-20020a196418000000b0050939fa90d5mr716782lfb.26.1699354551646; Tue, 07 Nov 2023 02:55:51 -0800 (PST) Received: from [192.168.0.101] (nat-0-0.nsk.sibset.net. [5.44.169.188]) by smtp.googlemail.com with ESMTPSA id c10-20020a056512238a00b005056d0f000dsm311698lfv.155.2023.11.07.02.55.50 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 07 Nov 2023 02:55:51 -0800 (PST) Message-ID: Date: Tue, 7 Nov 2023 17:55:49 +0700 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [BUG] Tangle with symbolic links don't work To: Cletip Cletip Cc: Org Mode List References: <87wmuu3lh7.fsf@localhost> Content-Language: en-US, ru-RU From: Max Nikulin Mail-Followup-To: Cletip Cletip , Org Mode List In-Reply-To: <87wmuu3lh7.fsf@localhost> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=2a00:1450:4864:20::12b; envelope-from=manikulin@gmail.com; helo=mail-lf1-x12b.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-orgmode@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "General discussions about Org-mode." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-orgmode-bounces+larch=yhetil.org@gnu.org Sender: emacs-orgmode-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-Migadu-Queue-Id: 87F3D15C8A X-Migadu-Scanner: mx12.migadu.com X-Migadu-Spam-Score: -5.00 X-Spam-Score: -5.00 X-TUID: BkmXWKtfhNvn On 06/11/2023 23:17, Ihor Radchenko wrote: > Cletip Cletip writes: > >> I have an Org file, test.org, from which I tangle code blocks into test.py. >> The complication arises because test.py is a symbolic link. I suggest to change your workflow to not depend on particular means to write tangled files. Perhaps you may set tangle directory. Unfortunately the description is too concise to figure out if it would be convenient enough. > Max, do you see any pitfalls using `file-truename'? Sorry, I am not familiar with related code path. That is why I can not reason what way to deal with file name is safer. If there is a world-writable directory in the file path (usually $TMPDIR) then `file-truename' is less safe, see https://www.kernel.org/doc/html/latest/admin-guide/sysctl/fs.html#protected-symlinks echo content >/home/ubuntu/tmp/file.txt ls -l /home/ubuntu/tmp/file.txt -rw-r--r-- 1 ubuntu ubuntu 8 Nov 7 17:29 /home/ubuntu/tmp/file.txt ls -l /tmp/ln lrwxrwxrwx 1 test test 25 Nov 7 17:10 /tmp/ln -> /home/ubuntu/tmp/file.txt Notice different owner of the symlink. echo overwrite >/tmp/ln bash: /tmp/ln: Permission denied cat /home/ubuntu/tmp/file.txt content `file-truename': echo overwrite>"$(readlink -f /tmp/ln)" cat /home/ubuntu/tmp/file.txt overwrite /usr/sbin/sysctl fs.protected_symlinks fs.protected_symlinks = 1 In general, I am never sure that Org code follows best practices in respect to security in general and in respect to /tmp in particular. The following citation is unrelated to /tmp, but the same proposed patch has an issue with predictable name in /tmp: Visuwesh… Re: [BUG] [PATCH] Add yank-media and DND handler. Wed, 27 Sep 2023 13:59:49 +0530. https://list.orgmode.org/878r8sj9xe.fsf@gmail.com > That would be quite annoying IMO. I say we let the user shoot > themselves in the foot. Even when /tmp or similar directories are not involved, a proper strategy to replace file content should be carefully chosen. E.g. cp(1) preserves inode number while install(1) replaces target file atomically (create a temporary one and rename). The latter way is more suitable for shared libraries since it allows running application to continue call function from the deleted file. I know, it is not an answer you expected from me, but giving a better one require to much efforts to read the code and to debug it.