The issues: no --verbose, --group, --help, --version, --recursive (it's recursive everytime, which may not be what user wants)
no need to implement them, this version already has them and IMHO the source code is more structured (it is also written in c ++ but it uses classes and it's not in 1 file only) the issues you just pointed out will be quickly resolved... On Sat, Jun 22, 2013 at 5:50 PM, Marc A. Pelletier <[email protected]> wrote: > On 06/22/2013 09:20 AM, Petr Bena wrote: >> More secure > > If you want, I'll do a complete security review but even at first glance > your version is much less secure: you are using path names without > holding the directories open, you are not guaranteeing your checks are > all on the same object(s), and you have no guards against substitution > through a race condition. > > Any utility of the sort must: > > (a) take ownership of files whose owning groups your are in > (b) only in directories you own > > Anything else is overbroad and open to abuse in a number of ways. > > I don't know what issues and requests related to take you refer to, but > I'd rather address them with the current scheme. :-) > > -- Marc > > > _______________________________________________ > Labs-l mailing list > [email protected] > https://lists.wikimedia.org/mailman/listinfo/labs-l _______________________________________________ Labs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/labs-l
