Status of MC

[Pavel Roskin <proski gnu org>]

Hello!

Recently I had more time to spend on MC, and I'm glad to say that I'm
running out of the problems that I considered release-critical two months
ago.  The bad thing, the new problems are reported or found by me during
testing, and some of them just cannot be ignored if we are going to
release a stable version.

On the other hand, I fixed recently some very unsafe code in VFS, and at
least one of the bugs fixed by that change is known to be remotely
exploitable.  I'm very uncomfortable with having known security issues in
the latest stable release 4.5.55.

Being so close to the release on the main branch, I would prefer to
release 4.6.0 rather than make a 4.5.56 release off the stable branch.  
Another reason is that the main branch has some fixes for invalid memory
access that can be exploitable as well.  I just don't have time to go
through all patches made since 4.5.55 release almost a year ago to find
all security-related issues.

I believe that we should make 4.6-pre1 prerelease during the next week.  
I don't care about updated translations and other little details.  The
important thing is to have something released as the version more stable
and more secure than 4.5.55, although not so stable as we would like 4.6.0
to be.

If anybody has any issues that need to be dealt with before 4.6-pre1 
prerelease, please let me know.

Let me list the issues that I consider important for the 4.6.0 release.  
I'll separate them into blocks this time.

Subshell block
==============

1) Fix subshell to work with Cygwin.

There are still subshell issues with Cygwin.  Cygwin has significantly
improved since the time when mc-4.5.55 was released.  It cannot be
ignored, since it's a platform of choice for many developers, and mc for
Cygwin cannot be fully substituted by Far Manager or any other program not
native to Cygwin.

2) Fix subshell to work with QNX Neutrino.

Since I now understand the subshell support much better, I probably should 
look one more time into the problems I had on QNX Neutrino while testing 
mc before 4.5.55 release.  I remember there was a problem with zsh.

3) Fix problems that appear if an extra Enter is pressed but not consumed 
by the program running in the subshell.

I have a long term plan that includes replacing "kill" and "pwd" with a
special subshell helper that would drain the input among other things, but
it's certainly not a 4.6.0 material.  I'm going to try two approaches.  
One is to drain the user input in synchronize(), so that the extra
commands never reach the shell.  The other approach is to track the state
of the command, and unless we are waiting for the command to complete,
just send SIGCONT to the shell.

Extension block
===============

I'm tired of petty debates about the best MPEG player or the best reader
for *.doc files.  I envision future versions of mc choosing the best tool
based on its presence in the PATH, on the environment variables, such as
EDITOR, PAGER, DISPLAY, and on the user preferences (e.g. we could have an
option for opening xterm windows for text programs when running under X).

There are things that can be easily added before 4.6.0.  There are things
that require discussion and careful design.  However, I don't want 4.6.0
to have a unique syntax for mc.ext that neither the previous not the
subsequent versions will be able to understand.  That's why the patch for
XOpen hasn't been applied - XOpen will be replaced with more generic
syntax if I add it now.

I think that this block can be skipped until after 4.6.0, so that we make
more radical changes (path check) that will allow a better solution.  but
I'd like to have some feedback on the issues I consider important.

1) Try using "links" for HTML rendering.

RedHat 7.3 installs "links", but not "lynx" in the default configuration.  
I'm sure that a lot of other systems install "lynx" but not "links".  
Using shell || is unreliable because "links" can fail for reasons other
than being absent.  I don't want to put a good chunk of shell code into
mc.ext to find the best browser.  I also don't like the idea of finding
the best browser at the compile time (although it's done for X11
browsers).

2) Need a way to force full path, but make a local copy if needed.

Some popular software (Mozilla, StarOffice) requires full path to the file
on the command line.  Using %d/%p disables retrieving the local copy from 
VFS.  %f doesn't force full path on the local filesystem.  We need some 
better way to request or disable a local copy, not tied to other options 
(e.g. %u could have a variant that would make local copies to all files).

3) Opening some files on remote VFS is broken.

Try pressing Enter on a PNG image on VFS.  It won't show up.  The reason
is that the viewer is run in the background, so that mc can be used before
the viewer exits.  Running in the background means that the shell finishes
immediately, and the local copy is deleted.

Support for X applications can be done much better.  But I really don't
know if it's better to remove the local copy while it's open by the X
application (which can misbehave if it doesn't load the whole file) or
monitor that application from mc (but what if mc teminates before the X
application?) or run the X application from shell and remove the file from
the shell script (can be very bad if the application is an editor).

File management block
=====================

1) There is no "ignore all" in case of permission problems.  In some
cases, it's simply impossible to copy the whole directory if there are
problems setting permissions for some of the subdirectories.

2) Timestamp should not be shown for ".." entries, it's invalid.

VFS block
=========

1) Hard links in cpio archives have 0 length

Can be very nasty if somebody uses mc to extract files from rpm packages.  
I had this problem myself more than once.  Making two copies would be a 
better alternative to extracting empty files.  Showing hard links as 
relative symlinks would be fine too.

2) FTP with non-root home is brocken.

You go to user server, see your home directory, but cannot copy anything 
into it.  I believe that the best solution would be to give mc_chdir() 
some way to indicate that the current directory is not exactly what was 
requested.  Documenting a workaround is not a solution.

3) Better parser for date.

I have two independent reports about files beginning with a year-like
number (e.g. 2000) followed by a space.  I think it should be safe to
assume that is we see seconds after month, we cannot have year immediately
after seconds (we can have a timezone in between, although it's very
unlikely on FTP).  And of course we should never have two years in the
same date.

4) Error recovery in FiSH is broken.

FiSH goes crazy after permission errors, such as a failure to read a 
remote file.

5) Crash in SMB.

Go straight to //server/user/directory, then try copying something to
//server/user - mc crashes.  This probably has to do with support for
share listing (i.e listing for //server/), which is not properly
initialized if the user starts with a subdirectory.

-- 
Regards,
Pavel Roskin