On Mon, Mar 10, 2003 at 07:43:02PM -0500, Pavel Roskin wrote:
Actually, your patch has created a security hole, but not where I
expected. extfs_cmd() doesn't quote the local filename. It was OK
before. But since the local name is now based on the entry name, it must
be quoted.
Please note
Hello!
Even worse, some programs could be exploited by giving them bogus
filenames as arguments. I like your idea, but the security issue should
be addressed (actually, it exists already because the extension can have
bad stuff too).
I'm curious how this is different from copying the
On Mon, Feb 24, 2003 at 02:22:16AM -0500, Pavel Roskin wrote:
If you preserve the whole filename, you are more likely to have spaces or
some other special characters in the filename. Some programs have
problems with spaces in the filename (e.g. rpm 4.1).
Even worse, some programs could be
On Mon, Feb 24, 2003 at 11:27:53AM +0100, Adam Byrtek / alpha wrote:
On Mon, Feb 24, 2003 at 02:26:13AM +0100, Oswald Buddenhagen wrote:
+if (basename *basename==PATH_SEP)
+ basename++;
this is totally bogus.
No, this is not 'totally bogus'. Filename var always contains at least
On Mon, Feb 24, 2003 at 03:35:32PM +0100, Oswald Buddenhagen wrote:
then add an assert(basename); and increment right away.
Sounds wise, that's what 'assert' is for... Thanks.
--
_.|._ |_ _. : Adam Byrtek /alpha/
(_|||_)| |(_| : email alpha@(irc.pl|debian.org)
| :
It is useful to have an original filename as a part of temporary
filename when editing files from extfs or vfs:
* editors can use its features connected to file name/extension
(syntax highlighting etc.)
* user can see the real name of the file he is editing in external
editor
I've
On Mon, Feb 24, 2003 at 01:39:44AM +0100, Adam Byrtek / alpha wrote:
+basename = strrchr (filename, PATH_SEP);
+if (basename *basename==PATH_SEP)
+ basename++;
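Review bot: after the strrchr() call, the condition only covers the case where a separator was found, so for a filename with no PATH_SEP basename is left NULL with no fallback. The `*basename==PATH_SEP` test adds nothing, because a non-NULL strrchr() result already points at a PATH_SEP, and as shown the condition has no operator between `basename` and `*basename`. Suggest incrementing when the result is non-NULL and setting `basename = filename` otherwise, or, if filename is guaranteed to contain a separator, asserting that and incrementing unconditionally.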
this is totally bogus.
if (basename)
    basename++;
else
    basename = filename;
greetings
--
Hi! I'm a .signature
Hello, Adam!
It is worth noting that the getlocalcopy has already supported file
'extension' as a suffix (mclocalcopyX.tgz in our case, btw it was
implemented in a quite ugly way: 6 lines of code could be easily
substituted with simple strrchr), but it is not enough IMO:
* Something