Closed lucaswerkmeister closed 7 years ago
lucaswerkmeister
commented
7 years ago Shouldn’t be too hard, just need to replace the two createFile in run.ceylon with our own function that takes an additional reference parameter (named after touch(1)’s option) specifying the file whose owner should be copied. (That parameter should probably be optional and default to null to make the function more generally useful.)
lucaswerkmeister
commented
7 years ago Ugh, except of course that I’ve just hidden the ceylon.file classes behind my own Readable abstraction, for pipe mode :(
lucaswerkmeister
commented
7 years ago Well, okay, that doesn’t matter, at both use-sites I have the source path as String available, which is all I need for Paths.get.
lucaswerkmeister
commented
7 years ago Implemented in 783a83f, and @quintesse reports this works (doesn’t break) on Windows as well, so closing.
lucaswerkmeister
commented
7 years ago For example, if the formatter is running as root
Note that this is a really stupid thing which, after a bit of reflection, I don’t want to do in cformat. It would essentially be a service that copies around arbitrary files on the file system, annulling file ownership protection (we can’t check who’s connecting to the socket). Sure, the formatter only handles valid Ceylon code, but even if we assume that all parsers are strict and it’s impossible to write a file that is both valid Ceylon and a valid system config file, the possibility to truncate any file on the system is still plenty harmful. ProtectSystem=full is not enough to protect against this!
When the formatter creates new files (e. g.,
ceylon format source --to source_formatted), let’s try to copy over ownership information (Files.getOwner/setOwner). For example, if the formatter is running as root, the new files should still be owned by the original user.