resolved. On Sat, Jun 22, 2013 at 6:07 PM, Petr Bena <[email protected]> wrote: > The issues: > > no --verbose, --group, --help, --version, --recursive (it's recursive > everytime, which may not be what user wants) > > no need to implement them, this version already has them and IMHO the > source code is more structured (it is also written in c ++ but it uses > classes and it's not in 1 file only) > > the issues you just pointed out will be quickly resolved... > > On Sat, Jun 22, 2013 at 5:50 PM, Marc A. Pelletier <[email protected]> wrote: >> On 06/22/2013 09:20 AM, Petr Bena wrote: >>> More secure >> >> If you want, I'll do a complete security review but even at first glance >> your version is much less secure: you are using path names without >> holding the directories open, you are not guaranteeing your checks are >> all on the same object(s), and you have no guards against substitution >> through a race condition. >> >> Any utility of the sort must: >> >> (a) take ownership of files whose owning groups your are in >> (b) only in directories you own >> >> Anything else is overbroad and open to abuse in a number of ways. >> >> I don't know what issues and requests related to take you refer to, but >> I'd rather address them with the current scheme. :-) >> >> -- Marc >> >> >> _______________________________________________ >> Labs-l mailing list >> [email protected] >> https://lists.wikimedia.org/mailman/listinfo/labs-l
_______________________________________________ Labs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/labs-l
