On Wed, Dec 10, 2014 at 13:50:37 +0100, Jacek Konieczny wrote:

> Implementing any such non-standard behaviour in the distribution is a
> very bad idea. Not only we make the shell load ages to initialize
> features most users don't even know about, but we may find great

1. Having zsh one can precompile shell scripts using zcompile (builtin).

2. How about colorls.sh from coreutils? I see this commit as more harmful:

http://git.pld-linux.org/gitweb.cgi?p=packages/coreutils.git;a=commitdiff;h=e8b91122bfecdc518241fc478b8123d0501a9318

3. WTF is that?! It alternates entire output!

    alias which='alias | /usr/bin/which --tty-only --read-alias --show-dot --show-tilde'

    $ which ls
    ls='ls --color=tty'
    /bin/ls

    $ \which ls
    ls: aliased to ls --color=tty

Especially --show-dot and --show-tilde are potentially dangerous (no one
should put a directory starting with a dot into PATH and no one should see
automated relative paths to binaries, which copy&pasted into some script
might become something entirely different). This comes from the which
manpage, but apparently its author ignores security implications.

(and another zsh hint: one gets the path by prepending the binary with =)

> fuck-ups years later, like this one:
>
> http://seclists.org/fulldisclosure/2014/Nov/74

There is no fuckup, otherwise you should consider a bug in every tool
aggregating application helpers (mailcap, mc, firefox) and every raw
terminal output (cat). This is not a bit less secure than calling these
tools directly (if someone wants to see the contents of a cab file, he will
end up calling cabextract anyway), it might be more secure as it
eventually pipes output to less (which might prevent some control
characters from executing malicious code using the invoking terminal).

What next, removing xdg-open and the entire desktop-entry? Auditing every
image on a web page and every PDF to read before rendering contents?
This is not a way to go, if someone is paranoid he should not run ANY
tool in a not-sandboxed environment, after all he might be targeted by the
NSA with some 0-days.

Breaking application handlers stream won't help in any way, having some
"ancient and obscure" compressed file one WANTS to see won't make him
magically write his own parser, audit the appropriate tool or take any
other action increasing security, unless we remove these tools from the
repo. The solution is similar to removing firefox and telling people to
use wget+more to read web pages.

-- 
Tomasz Pala <go...@pld-linux.org>
_______________________________________________
pld-devel-en mailing list
pld-devel-en@lists.pld-linux.org
http://lists.pld-linux.org/mailman/listinfo/pld-devel-en