copy-file misuse may lead to information disclosure vulnerabilities #4511
Comments
The I can imagine adding a flag to
My goal is to protect users from surprises due to not understanding this unique diversion from standard unix permission semantics. I'd encourage updating the We could take inspiration from Python and include a
What about adding a function
I haven't paged it all back in yet, but there was some discussion about permissions with
This part reminds me that I've sometimes been interested in adding support in rktio for more recent OS copying interfaces like |
After looking a various file APIs and thinking about the trade-offs of new functions versus new arguments, here's a proposal to update the
I think it might be better if
Support a `#:permissions` optional argument as well as one that controls the interaction with a umask when the destination file is created. The optional by-position `exists-ok?` argument is still supported, but a new `#:exists-ok?` keyword argument is also available; a contract exception is raised if both the by-position and keyword variants are supplied. Related to racket#4511
Support a `#:permissions` optional argument as well as one that controls the interaction with a umask when the destination file is created. The optional by-position `exists-ok?` argument is still supported, but a new `#:exists-ok?` keyword argument is also available; a contract exception is raised if both the by-position and keyword variants are supplied. Related to #4511
Do I recall correctly that all of the other file-creation functions ultimately go through
Does "combined" here mean Should we have an option for "use exactly these permissions, ignoring the umask"? (If so, maybe it's almost worth considering packing
AFAICT, Python's Overall, I guess I don't have very strong expectations about how umask will be treated outside of a few narrow situations. (Insert requisite grumbling about pervasive, implicit, mutable state here.)
The interface I ended up pushing so far is
It's
That sounds right. I don't remember another way to create a file via Racket primitives.
The actual combination is
That ends up being the meaning of supplying
This question could apply to any Racket function that accepts multiple keyword arguments instead of a single option-specifying object. There are trade-offs either way, but our convention is generally multiple keyword arguments, and I'd prefer to stick with that here. Zuo doesn't have keyword arguments and generally uses a hash-table argument for options. Along the same lines as the Racket
I'd missed that change in the commit: I like
I think your answer here was about
I agree that the multiple keywords are the more idiomatic solution here, and I think we can avoid options proliferating to an extent that would make the trade-off uncomfortable. The example I had in mind of an options-specifying object was
Oh, ok. I'll add that.
Kind of.
I was confused for a while before I read this more closely and realized there are three functions (among others):
I for one don't have a particular expectation about which semantics an unfamiliar file copying function might have. (If anything, I'd be most surprised by losing resource forks!)
What version of Racket are you using?
8.5 cs
What program did you run?
Another way to reproduce: set up a POSIX ACL for default permissions on a directory. `copy-file` defeats this mechanism.

What should have happened?
If you got an error message, please include it here.
Please include any other relevant details
e.g., the operating system used or how you are running the code.
NixOS 22.05. Probably reproducible on any unix like.
https://discord.com/channels/571040468092321801/618895179343986688/1048579606430617722
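As an added example (not code from this issue or from Racket itself), the following contrasts `copy-file` with a byte-stream copy whose destination is created by the OS and therefore inherits the directory's default permissions (umask or default ACL), then checks that a copy grants no permission bits beyond that baseline. The names `copy-file/default-perms`, `mode-bits` and `no-wider-than?` are chosen here, and the sample file, its contents and its mode are constructed.

```racket
#lang racket/base
(require racket/port racket/file)

;; Copy SRC to DEST by streaming bytes through a freshly created output
;; port. The OS applies the process umask (and any default POSIX ACL on
;; the destination directory) when the file is created, so DEST gets the
;; directory's default permissions rather than SRC's mode bits.
(define (copy-file/default-perms src dest)
  (call-with-input-file src
    (lambda (in)
      (call-with-output-file dest #:exists 'error
        (lambda (out) (copy-port in out))))))

;; Permission bits of PATH as an integer, e.g. #o644.
(define (mode-bits path)
  (file-or-directory-permissions path 'bits))

;; Check used after a copy: DEST must not grant any bit that REFERENCE
;; (a file created with default permissions) does not also grant.
(define (no-wider-than? dest reference)
  (zero? (bitwise-and (mode-bits dest) (bitwise-not (mode-bits reference)))))

(module+ main
  ;; Constructed sample: a world-readable source file.
  (define src (make-temporary-file "src-~a"))
  (with-output-to-file src #:exists 'truncate (lambda () (display "secret")))
  (file-or-directory-permissions src #o644)
  ;; copy-file wants a path that does not exist yet.
  (define via-copy-file (make-temporary-file "cf-~a"))
  (delete-file via-copy-file)
  (copy-file src via-copy-file)
  (define via-port (make-temporary-file "cp-~a"))
  (delete-file via-port)
  (copy-file/default-perms src via-port)
  (printf "source:    ~o\ncopy-file: ~o\nvia port:  ~o\n"
          (mode-bits src) (mode-bits via-copy-file) (mode-bits via-port))
  ;; Under a restrictive umask only the port-based copy stays private.
  (printf "copy-file result no wider than default-permission file? ~a\n"
          (no-wider-than? via-copy-file via-port))
  (for-each delete-file (list src via-copy-file via-port)))
```

Run it under a restrictive umask (for example `umask 077` in the shell first) to see `copy-file` reproduce the source's 644 while the port-based copy comes out 600.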