Ludovic Courtès wrote:
Hi,
Thomas Lord <[EMAIL PROTECTED]> writes:
Now, it seems that `is_non_upwards_relative_path ()' would also reject
paths like `chbouib/../foo' which theoretically it should accept. But
well, arguably, that shouldn't be too much of a problem. ;-)
The simpler rule is easy to explain and handling that generality properly
would be pretty tricky.
Well, there are `realpath(3)' (which is specified by SuSv2 [0]) and
`canonicalize_file_name(3)' (an equivalent GNU extension). These
functions handle symlinks as well.
Thus, the "right thing" might be to pass paths through them and then
check for a common prefix with the (canonicalized) tree root path,
rather than use `is_non_upwards_relative_path ()'.
This way, Arch would be resistant against maliciously-broken-config
attacks. ;-)
Ok, yr just f'ing around now, right?
I mean, you do understand that the paths in question *don't exist* at the
point in time where canonicalization is desired, right? And therefore
the functions you mention can not possibly do a Right Thing.
Yr just baiting me, right? And, ha! -- called you out on it.
(Or are you just being sloppy?)
Regards,
-t
Thanks,
Ludovic.
[0] http://www.opengroup.org/onlinepubs/007908799/xsh/realpath.html
_______________________________________________
Gnu-arch-users mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/gnu-arch-users
GNU arch home page:
http://savannah.gnu.org/projects/gnu-arch/
_______________________________________________
Gnu-arch-users mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/gnu-arch-users
GNU arch home page:
http://savannah.gnu.org/projects/gnu-arch/
