On Tue, 11 Sep 2012 22:45:07 +0200, Andreas Tille wrote:
On Tue, Sep 11, 2012 at 07:11:20PM +0200, gregor herrmann wrote:
like calls because system does not return the number of files.
I'm attaching a small example that uses File::Find for this purpose.
Do I understand you correctly that
On Mon, Sep 10, 2012 at 10:07:40AM -0700, Don Armstrong wrote:
lines like the following:
`find $main_source_dir -path $main_source_dir/$_ -print0 | xargs -0 rm
-rf`;
should really be written like this:
system('find',$main_source_dir,'-path',$main_source_dir/$_,qw(-exec rm
-rf {}
On Tue, 11 Sep 2012 17:54:44 +0200, Andreas Tille wrote:
Point taken for those calls where user-input (= strings mentioned in
debian/copyright Files-Excluded) is involved. I left calls like
my $tempdir = tempdir ( uscan, TMPDIR = 1, CLEANUP = 1 );
my $nfiles_before = `find
Hi Gregor,
On Tue, Sep 11, 2012 at 07:11:20PM +0200, gregor herrmann wrote:
like calls because system does not return the number of files.
I'm attaching a small example that uses File::Find for this purpose.
Do I understand you correctly that these are just academic examples
to spread
Hi Charles,
On Mon, Sep 10, 2012 at 08:20:43AM +0900, Charles Plessy wrote:
I would love to get a pointer to the actual line[1] which executes
content from debian/copyright. TTBOMK, all expressions are part of the
seeking string of a find statement, nothing more.
the find commands are
On Mon, 10 Sep 2012, Andreas Tille wrote:
But these are totally different things: I understood your initial
mail that using debian/copyright is insecure. Now you come up with
the argument that using backticks might be insecure. So either
backticks are insecure for *any* file we are using
On Fri, Sep 07, 2012 at 03:15:27PM +0100, Ian Jackson wrote:
Charles Plessy writes (Re: Files-Excluded field and security implications of
uscan and debian/copyright.):
On Fri, Sep 07, 2012 at 08:44:36AM +0900, Charles Plessy wrote:
in the case of the Files-Excluded field, the contents
On Sun, Sep 09, 2012 at 11:04:44PM +0200, Andreas Tille wrote:
On Fri, Sep 07, 2012 at 03:15:27PM +0100, Ian Jackson wrote:
Charles Plessy writes (Re: Files-Excluded field and security implications
of uscan and debian/copyright.):
On Fri, Sep 07, 2012 at 08:44:36AM +0900, Charles
Charles Plessy writes (Re: Files-Excluded field and security implications of
uscan and debian/copyright.):
On Fri, Sep 07, 2012 at 08:44:36AM +0900, Charles Plessy wrote:
in the case of the Files-Excluded field, the contents of the field
are directly executed.
I mean: the contents are
Hi Andreas and everybody,
while drafting the IANA registration for the machine-readable Debian copyright
format, I had to consider and describe security implications, and realised that
in the case of the Files-Excluded field, the contents of the field are directly
executed. One can imagine
On Fri, Sep 07, 2012 at 08:44:36AM +0900, Charles Plessy wrote:
in the case of the Files-Excluded field, the contents of the field are
directly
executed.
I mean: the contents are transferred to an expression that is directly executed.
Sorry for the noise,
--
Charles