On 06/22/2013 09:20 AM, Petr Bena wrote: > More secure If you want, I'll do a complete security review but even at first glance your version is much less secure: you are using path names without holding the directories open, you are not guaranteeing your checks are all on the same object(s), and you have no guards against substitution through a race condition.
Any utility of the sort must: (a) take ownership of files whose owning groups your are in (b) only in directories you own Anything else is overbroad and open to abuse in a number of ways. I don't know what issues and requests related to take you refer to, but I'd rather address them with the current scheme. :-) -- Marc _______________________________________________ Labs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/labs-l
