GNU bug report logs - #33264
Whitelist vc-follow-symlinks as a safe file variable

Message received at 33264 <at> debbugs.gnu.org:

Received: (at 33264) by debbugs.gnu.org; 15 Jul 2019 18:21:47 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Jul 15 14:21:47 2019
Received: from localhost ([127.0.0.1]:49054 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1hn5be-0003Fq-U2
	for submit <at> debbugs.gnu.org; Mon, 15 Jul 2019 14:21:47 -0400
Received: from mail-wm1-f41.google.com ([209.85.128.41]:37236)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <raaahh@HIDDEN>) id 1hn5bb-0003FH-HW
 for 33264 <at> debbugs.gnu.org; Mon, 15 Jul 2019 14:21:45 -0400
Received: by mail-wm1-f41.google.com with SMTP id f17so16163967wme.2
 for <33264 <at> debbugs.gnu.org>; Mon, 15 Jul 2019 11:21:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=sender:subject:to:cc:references:from:message-id:date:user-agent
 :mime-version:in-reply-to:content-language:content-transfer-encoding;
 bh=Ss329H0iJuUc0Y7P+Sg4FngtgPnTy6eT2tAmUOFC4jQ=;
 b=llWFv2X4DxJRsA5FYt0iCQGQuGjODbhmHwKnf4m8ALfQLxq8eMzaz1GLru8+MCOvsn
 yUWSaDpDmmkTDgO3zVryQjHVIOePfeNtNAtsruSROrXCRqUii6MFR9RlACoXHmDI/uxK
 cc4MAgepZiS3DjiuaXuW4ojvnvAKReTC2q8xqcCWYUHs43ZC3bYZnOOYrQVeS84jiHrJ
 ElZ3W7xVu2LjIjqM3fMJ1BsV+hK52RjnxUywyS2d5QY18keCvLypaqQfog7jNIDDUvRT
 LOMo9W8MDQQVwxCbvvA2xJVRiskbbW3FhUA34kS5oTDFiikBDdUaoKSpLWnNdEV3sZJO
 8bbA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:sender:subject:to:cc:references:from:message-id
 :date:user-agent:mime-version:in-reply-to:content-language
 :content-transfer-encoding;
 bh=Ss329H0iJuUc0Y7P+Sg4FngtgPnTy6eT2tAmUOFC4jQ=;
 b=MdjqXGaBMDSCsvTvekjSnIYrwLtjz5uAGE/zCCoWAZJ55DZ1cij3bDKgR3Tvh8GNj5
 kuSs2OTSgH5AsVC2mej9le/mMm8XowbLnh1mtno0TzPNDJDw02J0mJ1ZUk2faPZqfEDl
 MV8d5Dz3pCOlP73pH3f3SZNC03mpW79SX8SS+1CavmHBKTdvjte5nUxFGLACIaw06HoA
 +RpBacTaOhO7Mr2wmCr6rt6CrczZcj4eKIE0aj4q00EQmd7ZLMcnWgLnreUyD7Q0espL
 PCoyTM9Fkb6ytA0QZ5UnsGbb1NhpdoZ/bzwQDBQirtR9JuaOIBt40XkLZYYA60n1B4QE
 oKeg==
X-Gm-Message-State: APjAAAUiGDWq4eXhGBcN+/Joj6Q6kE5r0DjJKX02emcsyWOaqaJprvHN
 4xXdTariTi4sZb2PtFkR7sCj5B7s
X-Google-Smtp-Source: APXvYqx2x3eiRY73hpHuJXzjfY/gThN6AZGjOlUdeXigQUnes86ylo+XAx+FNPKGEMJhWjgcH1l14w==
X-Received: by 2002:a05:600c:2549:: with SMTP id
 e9mr24168641wma.46.1563214897212; 
 Mon, 15 Jul 2019 11:21:37 -0700 (PDT)
Received: from [192.168.1.3] ([185.105.174.23])
 by smtp.googlemail.com with ESMTPSA id y16sm16533486wrw.33.2019.07.15.11.21.34
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Mon, 15 Jul 2019 11:21:35 -0700 (PDT)
Subject: Re: bug#33264: Whitelist vc-follow-symlinks as a safe file variable
To: Lars Ingebrigtsen <larsi@HIDDEN>
References: <CADZ8+p32rh=bgq-5VLpyqpJR-MPT=ft8rFEBawWRQvcCPJC8Tw@HIDDEN>
 <87tvbu3ug3.fsf@HIDDEN>
 <0c431e43-3d2a-74cf-914f-00297df210d8@HIDDEN>
 <87lfwzcn5p.fsf@HIDDEN>
From: Dmitry Gutov <dgutov@HIDDEN>
Message-ID: <45f11e73-7086-c5c1-a892-15ddb6e405e8@HIDDEN>
Date: Mon, 15 Jul 2019 21:21:32 +0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
 Thunderbird/60.7.2
MIME-Version: 1.0
In-Reply-To: <87lfwzcn5p.fsf@HIDDEN>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.3 (/)
X-Debbugs-Envelope-To: 33264
Cc: "Eugene J." <w3techplayground@HIDDEN>, 33264 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.7 (/)

On 15.07.2019 18:50, Lars Ingebrigtsen wrote:
> The doc string says that a nil is "dangerous", but doesn't say what the
> danger is

I don't understand the nature of the danger exactly as well, but I think 
the docstring means that the danger occurs when you edit _without_ 
following symlinks. Hence the default value (ask, then follow).

Message received at 33264 <at> debbugs.gnu.org:

Received: (at 33264) by debbugs.gnu.org; 15 Jul 2019 17:35:00 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Jul 15 13:35:00 2019
Received: from localhost ([127.0.0.1]:48949 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1hn4sO-0005rO-3V
	for submit <at> debbugs.gnu.org; Mon, 15 Jul 2019 13:35:00 -0400
Received: from quimby.gnus.org ([80.91.231.51]:45940)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <larsi@HIDDEN>) id 1hn4sM-0005rH-B0
 for 33264 <at> debbugs.gnu.org; Mon, 15 Jul 2019 13:34:58 -0400
Received: from cm-84.212.202.86.getinternet.no ([84.212.202.86] helo=sandy)
 by quimby.gnus.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.89) (envelope-from <larsi@HIDDEN>)
 id 1hn4sB-0001er-Po; Mon, 15 Jul 2019 19:34:55 +0200
From: Lars Ingebrigtsen <larsi@HIDDEN>
To: Gustavo Barros <gusbrs.2016@HIDDEN>
Subject: Re: bug#33264: Whitelist vc-follow-symlinks as a safe file variable
References: <CADZ8+p32rh=bgq-5VLpyqpJR-MPT=ft8rFEBawWRQvcCPJC8Tw@HIDDEN>
 <87tvbu3ug3.fsf@HIDDEN>
 <0c431e43-3d2a-74cf-914f-00297df210d8@HIDDEN>
 <87lfwzcn5p.fsf@HIDDEN> <8736j7s1wa.fsf@HIDDEN>
Date: Mon, 15 Jul 2019 19:34:44 +0200
In-Reply-To: <8736j7s1wa.fsf@HIDDEN> (Gustavo Barros's message of "Mon, 15
 Jul 2019 13:23:01 -0300")
Message-ID: <87ims3b3rf.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Report: Spam detection software, running on the system "quimby.gnus.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 @@CONTACT_ADDRESS@@ for details.
 
 Content preview:  Gustavo Barros <gusbrs.2016@HIDDEN> writes: > I’ve been
    following this thread and, if I may chime in, I think a good > reference
   in this respect is to note that `find-file-visit-truename` is > marked as
   a safe-local-variable in "files.el". 
 
 Content analysis details:   (-2.9 points, 5.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -1.0 ALL_TRUSTED            Passed through trusted hosts only via SMTP
 -1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
                             [score: 0.0000]
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 33264
Cc: "Eugene J." <w3techplayground@HIDDEN>, 33264 <at> debbugs.gnu.org,
 Dmitry Gutov <dgutov@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Gustavo Barros <gusbrs.2016@HIDDEN> writes:

> I=E2=80=99ve been following this thread and, if I may chime in, I think a=
 good
> reference in this respect is to note that `find-file-visit-truename` is
> marked as a safe-local-variable in "files.el".

That's a good point.

--=20
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

Message received at 33264 <at> debbugs.gnu.org:

Received: (at 33264) by debbugs.gnu.org; 15 Jul 2019 16:23:14 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Jul 15 12:23:14 2019
Received: from localhost ([127.0.0.1]:48863 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1hn3kv-00082c-Hu
	for submit <at> debbugs.gnu.org; Mon, 15 Jul 2019 12:23:13 -0400
Received: from mail-qt1-f170.google.com ([209.85.160.170]:36463)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <gusbrs.2016@HIDDEN>) id 1hn3kt-00082P-IY
 for 33264 <at> debbugs.gnu.org; Mon, 15 Jul 2019 12:23:12 -0400
Received: by mail-qt1-f170.google.com with SMTP id z4so16259527qtc.3
 for <33264 <at> debbugs.gnu.org>; Mon, 15 Jul 2019 09:23:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=sender:from:to:cc:subject:references:date:in-reply-to:message-id
 :user-agent:mime-version:content-transfer-encoding;
 bh=waRD7y04w8c0/l3E4jM+wyAXEOIbAU0aAsxEQ2b2QHo=;
 b=fvGdCOocoBIUbjl5tJ5GEyn7tt/va3MA6aM25IWvxO80DVrKHRdd/TQoZGb6R+FBHq
 ElmV7lRwfcVU/uodc8ODSzz4yWdkzJQN3xWgm/IZU0YmNDdVVZgHFsnHm0gHJodroUBy
 ZlXvPfTG675TC2EUGQdyOFuiCUit4xgT/RLZe55biIDfabA3578mGC59xpYR7pcVpAwd
 w2CP9Iz1tzpO7w6gtqBJKVIx2mX291DKqtXMfH3dOO1JCNrOalsRv0Yw23zrFhnJPZkG
 xg1QTz2XGHDZ3gHx6ih+9p0tQLN/Mf6nwTy1xyI/K9nGyeHdolOE2CKsm9MKWhQ/Rn4l
 e2pA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:sender:from:to:cc:subject:references:date
 :in-reply-to:message-id:user-agent:mime-version
 :content-transfer-encoding;
 bh=waRD7y04w8c0/l3E4jM+wyAXEOIbAU0aAsxEQ2b2QHo=;
 b=UoY77l3UCHx5o036CjMijfmeXnFgmWyvHAwJs8esy8jbAC/0GqBCCX3UfhXBjsxMl/
 Wpo+FWNju9g+ajUz/ZAmKjEkxJ6kiUnYRfFU/tvoqZntwmB944Tbq7aKI7qRep8B8zb6
 vQyC6habnGvcGaD+ZQBuWKykctYQLFgq/DAJVEzomr0pj4tooxI8w9YDR/UQDQ0p6LfF
 /bheuC51c4igdW7dhYUMg8XWYckkfqoOwpB2mi9o7doFZ4LtJ9X8+Kd8yQlwqyD6tenW
 Wd5g1U8M90tO6BE6Hk+BF7D/cbpYfte3UuuCI5G/WHxVQHMNAo9PU323LeDXO3xz+lW1
 zCvw==
X-Gm-Message-State: APjAAAWWYFaoC1nVTOUMfHDK/RoT88hpPOxAIJ/IOkTgohDAS0zLWdjV
 25fHf9I+LULFXUbwjIYT3YNvf5gtHiU=
X-Google-Smtp-Source: APXvYqxAm8+Y68gAgw2/9UVxunfr+LqsIC7po/JngyTzufOxr8LoUHTCLnA/WUWKpqWp4eUYz2qUeQ==
X-Received: by 2002:ac8:7941:: with SMTP id r1mr14033068qtt.82.1563207785715; 
 Mon, 15 Jul 2019 09:23:05 -0700 (PDT)
Received: from gusbrs-laptop (ip-95-2-52-196.nyc.us.northamericancoax.com.
 [196.52.2.95])
 by smtp.gmail.com with ESMTPSA id m19sm8255374qkk.29.2019.07.15.09.23.03
 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
 Mon, 15 Jul 2019 09:23:05 -0700 (PDT)
From: Gustavo Barros <gusbrs.2016@HIDDEN>
To: Lars Ingebrigtsen <larsi@HIDDEN>
Subject: Re: bug#33264: Whitelist vc-follow-symlinks as a safe file variable
References: <CADZ8+p32rh=bgq-5VLpyqpJR-MPT=ft8rFEBawWRQvcCPJC8Tw@HIDDEN>
 <87tvbu3ug3.fsf@HIDDEN>
 <0c431e43-3d2a-74cf-914f-00297df210d8@HIDDEN>
 <87lfwzcn5p.fsf@HIDDEN>
Date: Mon, 15 Jul 2019 13:23:01 -0300
In-Reply-To: <87lfwzcn5p.fsf@HIDDEN> (Lars Ingebrigtsen's message of
 "Mon, 15 Jul 2019 17:50:26 +0200")
Message-ID: <8736j7s1wa.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 0.3 (/)
X-Debbugs-Envelope-To: 33264
Cc: "Eugene J." <w3techplayground@HIDDEN>, 33264 <at> debbugs.gnu.org,
 Dmitry Gutov <dgutov@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.7 (/)

Hi all,

On Mon, Jul 15 2019, Lars Ingebrigtsen wrote:

> Dmitry Gutov <dgutov@HIDDEN> writes:
>
>> I've tried to imagine a security issue stemming from it (e.g. linking
>> to an external directory tree with its own dir-locals values, and
>> then... what?), but didn't really come up with anything significant.
>
> The doc string says that a nil is "dangerous", but doesn't say what the
> danger is:
>
> ---
> What to do if visiting a symbolic link to a file under version control.
> Editing such a file through the link bypasses the version control system,
> which is dangerous and probably not what you want.
>
> If this variable is t, VC follows the link and visits the real file,
> telling you about it in the echo area.  If it is =E2=80=98ask=E2=80=99, V=
C asks for
> confirmation whether it should follow the link.  If nil, the link is
> visited and a warning displayed.
> ---
>
> I'm guessing it doesn't really mean "dangerous", but instead "not
> optimal in most cases".


I=E2=80=99ve been following this thread and, if I may chime in, I think a g=
ood
reference in this respect is to note that `find-file-visit-truename` is
marked as a safe-local-variable in "files.el".

(Except that, as far as I can tell, it doesn=E2=80=99t work as a local
variable. See https://emacs.stackexchange.com/q/51495/18951. But that is
beyond the point here.)

Best regards,
Gustavo Barros.

Message received at 33264 <at> debbugs.gnu.org:

Received: (at 33264) by debbugs.gnu.org; 15 Jul 2019 15:50:35 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Jul 15 11:50:34 2019
Received: from localhost ([127.0.0.1]:48817 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1hn3FK-00078v-DG
	for submit <at> debbugs.gnu.org; Mon, 15 Jul 2019 11:50:34 -0400
Received: from quimby.gnus.org ([80.91.231.51]:44726)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <larsi@HIDDEN>) id 1hn3FH-00078h-TO
 for 33264 <at> debbugs.gnu.org; Mon, 15 Jul 2019 11:50:33 -0400
Received: from cm-84.212.202.86.getinternet.no ([84.212.202.86] helo=sandy)
 by quimby.gnus.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.89) (envelope-from <larsi@HIDDEN>)
 id 1hn3FD-0000jO-8r; Mon, 15 Jul 2019 17:50:29 +0200
From: Lars Ingebrigtsen <larsi@HIDDEN>
To: Dmitry Gutov <dgutov@HIDDEN>
Subject: Re: bug#33264: Whitelist vc-follow-symlinks as a safe file variable
References: <CADZ8+p32rh=bgq-5VLpyqpJR-MPT=ft8rFEBawWRQvcCPJC8Tw@HIDDEN>
 <87tvbu3ug3.fsf@HIDDEN>
 <0c431e43-3d2a-74cf-914f-00297df210d8@HIDDEN>
Date: Mon, 15 Jul 2019 17:50:26 +0200
In-Reply-To: <0c431e43-3d2a-74cf-914f-00297df210d8@HIDDEN> (Dmitry Gutov's
 message of "Mon, 15 Jul 2019 18:29:58 +0300")
Message-ID: <87lfwzcn5p.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Report: Spam detection software, running on the system "quimby.gnus.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 @@CONTACT_ADDRESS@@ for details.
 Content preview: Dmitry Gutov <dgutov@HIDDEN> writes: > I've tried to
 imagine
 a security issue stemming from it (e.g. linking > to an external directory
 tree with its own dir-locals values, and > then... what?), but didn't really
 come up with anything si [...] 
 Content analysis details:   (-2.9 points, 5.0 required)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -1.0 ALL_TRUSTED            Passed through trusted hosts only via SMTP
 -1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
 [score: 0.0000]
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 33264
Cc: "Eugene J." <w3techplayground@HIDDEN>, 33264 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Dmitry Gutov <dgutov@HIDDEN> writes:

> I've tried to imagine a security issue stemming from it (e.g. linking
> to an external directory tree with its own dir-locals values, and
> then... what?), but didn't really come up with anything significant.

The doc string says that a nil is "dangerous", but doesn't say what the
danger is:

---
What to do if visiting a symbolic link to a file under version control.
Editing such a file through the link bypasses the version control system,
which is dangerous and probably not what you want.

If this variable is t, VC follows the link and visits the real file,
telling you about it in the echo area.  If it is =E2=80=98ask=E2=80=99, VC =
asks for
confirmation whether it should follow the link.  If nil, the link is
visited and a warning displayed.
---

I'm guessing it doesn't really mean "dangerous", but instead "not
optimal in most cases".

Anyway, what would the safe-local values be?  nil, t and ask or just
nil?

--=20
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

Message received at 33264 <at> debbugs.gnu.org:

Received: (at 33264) by debbugs.gnu.org; 15 Jul 2019 15:30:07 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Jul 15 11:30:07 2019
Received: from localhost ([127.0.0.1]:48798 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1hn2vX-0006bT-2i
	for submit <at> debbugs.gnu.org; Mon, 15 Jul 2019 11:30:07 -0400
Received: from mail-wm1-f44.google.com ([209.85.128.44]:36304)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <raaahh@HIDDEN>) id 1hn2vV-0006aW-VD
 for 33264 <at> debbugs.gnu.org; Mon, 15 Jul 2019 11:30:06 -0400
Received: by mail-wm1-f44.google.com with SMTP id g67so11551052wme.1
 for <33264 <at> debbugs.gnu.org>; Mon, 15 Jul 2019 08:30:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=sender:subject:to:cc:references:from:message-id:date:user-agent
 :mime-version:in-reply-to:content-language:content-transfer-encoding;
 bh=wLLFu5oleJulS4XNCyqOGBr9Bx2Dg2qPwo0fqR0RjPk=;
 b=Mupr1Ug1B1AS4zIjt9zy2vAqOrVLci97MdZlxRENAkhbMDiP50i8CB/SG6K6gco9Tf
 sfQF3zY8Vd1bPwleDhvhzK3pt8kdForT4ffjH2hu1PlG157Vg1S0JuhUy3siB5q4m2W6
 /LYJmREmb2py5ZUF6T5UgRV+plwTAKLY+B/HzhXGhpwQGhHzpUVW92fQQeq0clo76fYx
 F3ArY4+PDcNQtxNp6rdpo88RPJnx/walt3MwxSURVnW0R8d9m8a4IbCoqlQFOqJ0qMaQ
 /zMaFneXxKi9aBxQ7HOwF9oPGrwPROmESBOF9LbK5XmBUK3zwBp3y8yThsM49AvHxvlM
 OxBQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:sender:subject:to:cc:references:from:message-id
 :date:user-agent:mime-version:in-reply-to:content-language
 :content-transfer-encoding;
 bh=wLLFu5oleJulS4XNCyqOGBr9Bx2Dg2qPwo0fqR0RjPk=;
 b=dxJiMv/2HGU5ydd0ZG0bNcCBZlgP/8nH9cjQQsAMmjRxjouCvVaMfKpLvbG5QOo3yC
 qQNcUFeKhoQLPe5a1IVz98KCEkCbZ1yG2KW99Z+Iv5+FLnrCdhukhQh7Nt4V7qZWik9J
 HtjuBM3joPY5p4SeH7HBRlXjc4YQK1gPxJN2qNCL8QqFRdJXbKVbGzoByDl0BQws64lY
 He7orzP63nrRBSpFN5LWku9kfiqkz+zO342vi9GGrHAa4o7Bo75XTeY7wO7spJLtLiKJ
 pYbYbG7+vaFJhwIfcmYvuJQLwTUgQGkjykx77Bdx//3XWuaZrP/8UMJEwjKpQSNvtNFD
 6Ukg==
X-Gm-Message-State: APjAAAUhN+9dKtQnPJL0WDcZHiiJ37/6EtU+U+DRAD7zJfUmgE4ZTNtT
 m72cK0BbT+l3bSYVmuwingBATBzq
X-Google-Smtp-Source: APXvYqzomcounVkGg2+sJJO6MpVT3uOwU+TLCG9F26cFfHcjb1aqOqPtyz6BZpE69DYbOBPwCnA+CA==
X-Received: by 2002:a1c:9d53:: with SMTP id g80mr19991378wme.103.1563204599820; 
 Mon, 15 Jul 2019 08:29:59 -0700 (PDT)
Received: from [192.168.0.195] ([109.110.245.170])
 by smtp.googlemail.com with ESMTPSA id j33sm39562130wre.42.2019.07.15.08.29.58
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Mon, 15 Jul 2019 08:29:59 -0700 (PDT)
Subject: Re: bug#33264: Whitelist vc-follow-symlinks as a safe file variable
To: Lars Ingebrigtsen <larsi@HIDDEN>, "Eugene J."
 <w3techplayground@HIDDEN>
References: <CADZ8+p32rh=bgq-5VLpyqpJR-MPT=ft8rFEBawWRQvcCPJC8Tw@HIDDEN>
 <87tvbu3ug3.fsf@HIDDEN>
From: Dmitry Gutov <dgutov@HIDDEN>
Message-ID: <0c431e43-3d2a-74cf-914f-00297df210d8@HIDDEN>
Date: Mon, 15 Jul 2019 18:29:58 +0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
 Thunderbird/60.7.2
MIME-Version: 1.0
In-Reply-To: <87tvbu3ug3.fsf@HIDDEN>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.2 (/)
X-Debbugs-Envelope-To: 33264
Cc: 33264 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.8 (/)

On 10.07.2019 16:11, Lars Ingebrigtsen wrote:
> "Eugene J." <w3techplayground@HIDDEN> writes:
> 
>> It is useful to have directory local `vc-follow-symlinks` with value
>> `nil` when you have to use symlink paths in a particular case while
>> having it `ask` or `t` as a default.  Marking the variable as "safe
>> file variable" will reduce the friction.
> 
> That seems reasonable.  Does anybody else object to marking this
> variable as a safe file variable?

Sounds good to me.

I've tried to imagine a security issue stemming from it (e.g. linking to 
an external directory tree with its own dir-locals values, and then... 
what?), but didn't really come up with anything significant.

Message received at 33264 <at> debbugs.gnu.org:

Received: (at 33264) by debbugs.gnu.org; 10 Jul 2019 13:12:02 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed Jul 10 09:12:02 2019
Received: from localhost ([127.0.0.1]:35060 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1hlCOA-000324-0K
	for submit <at> debbugs.gnu.org; Wed, 10 Jul 2019 09:12:02 -0400
Received: from quimby.gnus.org ([80.91.231.51]:37424)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <larsi@HIDDEN>) id 1hlCO8-00031f-0Y
 for 33264 <at> debbugs.gnu.org; Wed, 10 Jul 2019 09:12:00 -0400
Received: from cm-84.212.202.86.getinternet.no ([84.212.202.86] helo=marnie)
 by quimby.gnus.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.89) (envelope-from <larsi@HIDDEN>)
 id 1hlCO4-0000XA-Vl; Wed, 10 Jul 2019 15:11:59 +0200
From: Lars Ingebrigtsen <larsi@HIDDEN>
To: "Eugene J." <w3techplayground@HIDDEN>
Subject: Re: bug#33264: Whitelist vc-follow-symlinks as a safe file variable
References: <CADZ8+p32rh=bgq-5VLpyqpJR-MPT=ft8rFEBawWRQvcCPJC8Tw@HIDDEN>
Date: Wed, 10 Jul 2019 15:11:56 +0200
In-Reply-To: <CADZ8+p32rh=bgq-5VLpyqpJR-MPT=ft8rFEBawWRQvcCPJC8Tw@HIDDEN>
 (Eugene J.'s message of "Mon, 5 Nov 2018 04:54:56 +0200")
Message-ID: <87tvbu3ug3.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Report: Spam detection software, running on the system "quimby.gnus.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 @@CONTACT_ADDRESS@@ for details.
 Content preview: "Eugene J." <w3techplayground@HIDDEN> writes: > It is
 useful
 to have directory local `vc-follow-symlinks` with value > `nil` when you
 have to use symlink paths in a particular case while > having it `ask` or
 `t` as a default. Marking the variable [...] 
 Content analysis details:   (-2.9 points, 5.0 required)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -1.0 ALL_TRUSTED            Passed through trusted hosts only via SMTP
 -1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
 [score: 0.0000]
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 33264
Cc: 33264 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

"Eugene J." <w3techplayground@HIDDEN> writes:

> It is useful to have directory local `vc-follow-symlinks` with value
> `nil` when you have to use symlink paths in a particular case while
> having it `ask` or `t` as a default.  Marking the variable as "safe
> file variable" will reduce the friction.

That seems reasonable.  Does anybody else object to marking this
variable as a safe file variable?

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

Message received at submit <at> debbugs.gnu.org:

Received: (at submit) by debbugs.gnu.org; 5 Nov 2018 02:55:39 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun Nov 04 21:55:39 2018
Received: from localhost ([127.0.0.1]:34472 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1gJV3B-00008h-HE
	for submit <at> debbugs.gnu.org; Sun, 04 Nov 2018 21:55:39 -0500
Received: from eggs.gnu.org ([208.118.235.92]:56718)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <w3techplayground@HIDDEN>) id 1gJV39-00008R-Dg
 for submit <at> debbugs.gnu.org; Sun, 04 Nov 2018 21:55:35 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <w3techplayground@HIDDEN>) id 1gJV2z-0001nU-1L
 for submit <at> debbugs.gnu.org; Sun, 04 Nov 2018 21:55:26 -0500
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=0.0 required=5.0 tests=BAYES_40,FREEMAIL_FROM,
 HTML_MESSAGE autolearn=disabled version=3.3.2
Received: from lists.gnu.org ([2001:4830:134:3::11]:34419)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
 (Exim 4.71) (envelope-from <w3techplayground@HIDDEN>)
 id 1gJV2v-0001dr-SB
 for submit <at> debbugs.gnu.org; Sun, 04 Nov 2018 21:55:23 -0500
Received: from eggs.gnu.org ([2001:4830:134:3::10]:38022)
 by lists.gnu.org with esmtp (Exim 4.71)
 (envelope-from <w3techplayground@HIDDEN>) id 1gJV2v-00072M-2I
 for bug-gnu-emacs@HIDDEN; Sun, 04 Nov 2018 21:55:21 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <w3techplayground@HIDDEN>) id 1gJV2p-0001Nj-4R
 for bug-gnu-emacs@HIDDEN; Sun, 04 Nov 2018 21:55:20 -0500
Received: from mail-it1-x12d.google.com ([2607:f8b0:4864:20::12d]:52894)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
 (Exim 4.71) (envelope-from <w3techplayground@HIDDEN>)
 id 1gJV2l-00019c-Nf
 for bug-gnu-emacs@HIDDEN; Sun, 04 Nov 2018 21:55:13 -0500
Received: by mail-it1-x12d.google.com with SMTP id t190-v6so4991592itb.2
 for <bug-gnu-emacs@HIDDEN>; Sun, 04 Nov 2018 18:55:08 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=mime-version:from:date:message-id:subject:to;
 bh=keRNw3zsR4C05pijKhjCbVRYOd2JZKMeeBTb8HJZorU=;
 b=EMSIuctfudJnC83sGevS2LHrSOHq6tn2WBCK8FcdnK24Sr39mSAjF6UdaQCSCODesY
 lFx/RvayA6hfJkHU/A65St51d9vaPz8vyZFJScPARSvsSRj46rxZZbSsem2NZY56pMaq
 Qab2i5c4KdoGp1RlewajmXl3VDeXD44X9D3ur8JgrGHLKzm2nXJaeuphDv99gNoIr0ud
 1vM/tUXGpq3ybBs9NBTAG11lZalDSZlXJChjxBdr7rPVzGUVX0ymDYH957zjJZboXC2/
 C87DSPtzSLLdDwbTjaRr5yqmMEI9cBAWFJkJ19jcND2M0akRuk2jfJET5/TgIF6rnv8r
 3Gzg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
 bh=keRNw3zsR4C05pijKhjCbVRYOd2JZKMeeBTb8HJZorU=;
 b=e3jbNrmUbVJD5XeUkbjeCU3PKD/6vdJEdZ9k30VVlfGpGKzSVzyybeOV6zScKspjsA
 pWhuNLKnyKx0w4zPz5UvA0FzXBGbrctorm3YJ/OsUMFha9xJ2bB/MDVxiq0wh6zKxlqC
 PHatt7zpLog9YRO4GNIKs0J5CXoBwJBJvJU8wodELXpcMp1OzaGnVZXoeXPAy/FxtluI
 MAQVatL9bHNQC1+HewJpf27BdiMVJfaCUG3OT/cgXKq1Z4f2AoriAf2zdpeTh12Dg3oM
 DPPaN6G3KsbvDkIbz/ZHWb1fRucHGtXIPF6kYdillsU+R7gqAb+z3D9gV5257YhgFyQP
 +eKA==
X-Gm-Message-State: AGRZ1gJZb8SNQ2Q2L65sgsrIe8i3d7x+JGTDvVrwoldCCVVJenlYf5aW
 sumVFHI0SeESCr1afCaePrpzITWg6qiiyuRh9j7OltsG
X-Google-Smtp-Source: AJdET5dFFq2j2X7/cZZpOR0Ivz0k5tjKJ8CvanEUJrf6HYukoWmHpGQSS0RDcRH899bslUJhw76jUFlE0v8BF5gIj7o=
X-Received: by 2002:a24:1c85:: with SMTP id
 c127-v6mr2486081itc.148.1541386507663; 
 Sun, 04 Nov 2018 18:55:07 -0800 (PST)
MIME-Version: 1.0
From: "Eugene J." <w3techplayground@HIDDEN>
Date: Mon, 5 Nov 2018 04:54:56 +0200
Message-ID: <CADZ8+p32rh=bgq-5VLpyqpJR-MPT=ft8rFEBawWRQvcCPJC8Tw@HIDDEN>
Subject: Whitelist vc-follow-symlinks as a safe file variable
To: bug-gnu-emacs@HIDDEN
Content-Type: multipart/alternative; boundary="000000000000403d260579e20395"
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
 recognized.
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x
X-Received-From: 2001:4830:134:3::11
X-Spam-Score: -4.0 (----)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -5.0 (-----)

--000000000000403d260579e20395
Content-Type: text/plain; charset="UTF-8"

It is useful to have directory local `vc-follow-symlinks` with value `nil`
when you have to use symlink paths in a particular case while having it
`ask` or `t` as a default.
Marking the variable as  "safe file variable" will reduce the friction.

--000000000000403d260579e20395
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr"><div dir=3D"ltr"><div dir=3D"ltr"><div di=
r=3D"ltr"><div dir=3D"ltr">It is useful to have directory local `vc-follow-=
symlinks` with value `nil` when you have to use symlink paths in a particul=
ar case while having it `ask` or `t` as a default.=C2=A0</div><div dir=3D"l=
tr">Marking the variable as=C2=A0 &quot;safe file variable&quot;=C2=A0will =
reduce the friction.</div></div></div></div></div></div>

--000000000000403d260579e20395--