Hi John, On Tue, 19 Mar 2013 22:01:45 -0400 John Cowan <[email protected]> wrote:
> Mario Domenech Goulart scripsit: > >> b. Drop ##sys#expand-home-path. Do not implicitly expand ~ and >> environment variables in pathnames. Provide a procedure to expand ~ >> in pathnames. That's what this patch implements. > > I suggest: > > b2. Keep ##sys#expand-home-path, but make it the identity function. > Provide a procedure to expand ~ in pathnames. > > That way, the security problem is removed, but we do not have to find > and fix every reference to ##sys#expand-home-path. IMO, in this case we should just remove ##sys#expand-home-path, since it is an internal procedure. Users should not rely on stability of the internal API. By keeping ##sys#expand-home-path as an identity procedure, we'd be just polluting the core and adding a useless procedure call to every procedure of the filesystem API. Best wishes. Mario -- http://parenteses.org/mario _______________________________________________ Chicken-hackers mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/chicken-hackers
