pizdel...@gmail.com said: > How do you 'enforce' NFD? > > Let the kernel normalize (ie /destructively/ transform) the file names > behind user's back, so that a file will be listed with a different name > than that with which it was created? That's very nice and secure, indeed.
I would enforce normalization at filename access time (open(), fopen(), readdir(), etc). Yes, destructively transform. I would reject filenames that won't decode. If this is documented, I just don't see how it is "behind user's back", and it at least partially solves the problem of accessing right files. FWIW I've stopped using Unicode filenames after I found that I can't type in the name of file that contains only the glyphs that I can type in, just because at that time I used keyboard layout with combining diacritical marks instead of dead keys, so my input was NFD, while name of the file I got from somewhere was NFC. > And btw, normalization won't do much about 'homographs': > > $ echo > ∕еtс∕раsswd > $ rm ∕еtс∕раsswd > $ This is a separate problem. My suggestion does not help here, which does not render it useless for other cases. -- Dmitrij D. Czarkoff