Re: Easy configuration of a site-lisp directory

[Arthur Miller]

Eli Zaretskii <eliz@gnu.org> writes:

>> From: Arthur Miller <arthur.miller@live.com>
>> Cc: monnier@iro.umontreal.ca,  philipk@posteo.net,  emacs-devel@gnu.org
>> Date: Sat, 21 Aug 2021 16:34:34 +0200
>> 
>> I understand they consider it a security issue, but I don't understand
>> why. Couldn't they apply same rules to symlinked file access as if the
>> access was direct?
>
> If the symlink resolution is done below the level where access rights
> are checked, you cannot do that.

Which means we can leak access rights if we symlink from priviledged
ring into lesser access right ring, or how they call it? Or I missunderstand.

> Also, the ACL system on Windows is very complex, and there are a lot
> of access rights inherited indirectly, so maybe there's more to it
> than meets the eye.  Like I said, I'm not an expert on this stuff.
>> Bit I guess Microsoft has acquired quite clever
>> people so they have their reasons. I don't think they removed symlinks
>> just because, for no good reason.
>
> Symlinks are not removed from Windows, they are present (and Emacs on
> Windows supports them).
Oh sorry for the last, my brain was on the vacation, "removed" I meant
from original design ... back in VMS/VAX time I was still in thoughts of
another replay. As I understand they added symlinks "relatively"
recently (in Vista), but I maybe missunderstood there.