Felix Schulte writes:
> > That one is a surprising change, particularly so because it's
> > dependent on something apparently unrelated to the problem (the result
> > of isatty(0), I assume).  I think it'll need to be discussed in the
> > context of that future ksh replacement case.
> Why? This is not stupid. The pattern could expand to multiple files
> which can be used to exploit holes in setuid shell scripts. For
> example foo* could expand to "foo ;
> evilprogramwhichtakesoverthemachine"

Nonsense.  Word expansion just doesn't work that way.

$ touch "/tmp/foo ; ls"
$ echo hello >> /tmp/foo*
$ echo /tmp/foo*
/tmp/foo ; ls
$ cat /tmp/foo*
hello
$ 

> and then the box gets f*cked by
> some evil hacker

And that 'problem' doesn't exist for an interactive user because ... ?

-- 
James Carlson, KISS Network                    <james.d.carlson at sun.com>
Sun Microsystems / 1 Network Drive         71.232W   Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757   42.496N   Fax +1 781 442 1677
