GNU bug report logs - #38265
26.3; lock file is too easy to steal

Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.

Package: emacs; Reported by: Allen Li <darkfeline@HIDDEN>; dated Tue, 19 Nov 2019 08:36:01 UTC; Maintainer for emacs is bug-gnu-emacs@HIDDEN.

Message received at 38265 <at> debbugs.gnu.org:


From: Juri Linkov <juri@HIDDEN>
To: Allen Li <darkfeline@HIDDEN>
Subject: Re: bug#38265: 26.3; lock file is too easy to steal
Organization: LINKOV.NET
References: <808soc2rhl.fsf@HIDDEN>
Date: Thu, 21 Nov 2019 00:28:09 +0200
In-Reply-To: <808soc2rhl.fsf@HIDDEN> (Allen Li's message of "Tue, 19
 Nov 2019 00:35:34 -0800")
Message-ID: <87v9rep4hy.fsf@HIDDEN>
Cc: 38265 <at> debbugs.gnu.org

> The default ask-user-about-lock is too easy to miss.
>
> For example, if one were typing "asparagus", they would likely steal the
> lock without even realizing that it happened (the "a" triggers the
> prompt on buffer modification and the "s" steals the lock).
>
> It would be nice to have the prompt be harder to hit accidentally, such
> as making all of the keys uppercase or having to type them out like
> yes/no (but the latter might be too heavyweight).  Or the prompt should
> have a short timeout before allowing the user to respond (like how
> yes-or-no-p does when you provide an invalid response).

On the request in https://lists.gnu.org/archive/html/emacs-devel/2019-11/msg00517.html
recently ‘(discard-input)’ was removed from ‘read-char-from-minibuffer’.
Should it be put back?

ask-user-about-supersession-threat uses read-char-from-minibuffer, so if
it contained ‘(discard-input)’ it could benefit from discarding such
inadvertent input as "s".

But what about the case of keyboard macros like in the link above?
What if the user recorded a keyboard macro to input that "s" intentionally?




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#38265; Package emacs. Full text available.

Message received at submit <at> debbugs.gnu.org:


From: Allen Li <darkfeline@HIDDEN>
To: bug-gnu-emacs@HIDDEN
Subject: 26.3; lock file is too easy to steal
Date: Tue, 19 Nov 2019 00:35:34 -0800
Message-ID: <808soc2rhl.fsf@HIDDEN>

The default ask-user-about-lock is too easy to miss.

For example, if one were typing "asparagus", they would likely steal the
lock without even realizing that it happened (the "a" triggers the
prompt on buffer modification and the "s" steals the lock).

It would be nice to have the prompt be harder to hit accidentally, such
as making all of the keys uppercase or having to type them out like
yes/no (but the latter might be too heavyweight).  Or the prompt should
have a short timeout before allowing the user to respond (like how
yes-or-no-p does when you provide an invalid response).

In GNU Emacs 26.3 (build 1, x86_64-pc-linux-gnu, GTK+ Version 3.24.10)
 of 2019-08-29 built on juergen
Windowing system distributor 'The X.Org Foundation', version 11.0.12005000
System Description:	Arch Linux




Acknowledgement sent to Allen Li <darkfeline@HIDDEN>:
New bug report received and forwarded. Copy sent to bug-gnu-emacs@HIDDEN. Full text available.
Report forwarded to bug-gnu-emacs@HIDDEN:
bug#38265; Package emacs. Full text available.
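
The mitigations proposed in this thread (a typed-out yes/no answer, a short pause, and discarding typed-ahead input) can be tried locally by overriding `ask-user-about-lock`. This is an added example, not code from Emacs or from either poster; the `my/` names and the 0.5 second pause are assumptions.

```elisp
;;; Added example: a lock prompt that a stray keystroke cannot answer.
;;; `ask-user-about-lock' must return t (steal the lock), return nil
;;; (edit without the lock), or signal `file-locked' (do not edit).

(defvar my/lock-prompt-settle-seconds 0.5
  "Hypothetical setting: pause before the lock prompt accepts input.")

(defun my/ask-user-about-lock (file opponent)
  "Ask what to do about FILE, which is locked by OPPONENT.
Every choice needs a typed-out \"yes\" or \"no\" followed by RET."
  ;; Announce the conflict, wait for keystrokes already in flight
  ;; (the rest of a word being typed), then throw them away.
  (message "%s is locked by %s" file opponent)
  (sleep-for my/lock-prompt-settle-seconds)
  ;; Note: `discard-input' also ends a keyboard macro that is being
  ;; defined, which is the trade-off raised in the reply above.
  (discard-input)
  (cond
   ;; Stealing is the destructive choice, so it is asked first and
   ;; cannot be selected with a single character.
   ((yes-or-no-p (format "%s is locked by %s; steal the lock? "
                         (file-name-nondirectory file) opponent))
    t)
   ((yes-or-no-p "Edit anyway without taking the lock? ")
    nil)
   ;; Declining both leaves the buffer unmodified.
   (t (signal 'file-locked (list file opponent)))))

;; Replace the default single-key prompt for this session.
(advice-add 'ask-user-about-lock :override #'my/ask-user-about-lock)

;; To restore the default prompt:
;; (advice-remove 'ask-user-about-lock #'my/ask-user-about-lock)
```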
Last modified: Mon, 25 Nov 2019 12:00:02 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.