On Tue, Jul 16, 2013 at 08:58:49AM +0100, Nick wrote:
Quoth Chris Down:
On 14 July 2013 20:42, Nick suckless-...@njw.me.uk wrote:
I'd be inclined to check for and filter out leading .. and /
characters, to avoid tarballs doing unexpectedly evil things.
I think all security onus for
On 2013-07-17, at 15:52, Markus Wichmann wrote:
Speaking of which, is anyone up for some suckless binutils?
Rob Landley has some vaporware here:
http://landley.net/qcc/
-Truls
On 07/17/2013 01:52 PM, Markus Wichmann wrote:
I do partially. That is, I usually list the archive before unpacking,
but I don't visually scan each and every entry, because, for one, I use
st, so no scrollback buffer (I refuse to run a terminal multiplexer in
an environment, were it is never
On Wed, Jul 17, 2013 at 04:50:03PM +, Bjartur Thorlacius wrote:
If you're just interacting with
a shell, you should be using a simple I/O text window, with or
without autocompletion.
I would very much like this to exist, using non-monospaced fonts. It
wouldn't be hard to knock something
Quoth Chris Down:
On 14 July 2013 20:42, Nick suckless-...@njw.me.uk wrote:
I'd be inclined to check for and filter out leading .. and /
characters, to avoid tarballs doing unexpectedly evil things.
I think all security onus for stuff like that should be on the user --
they can still do
On Jul 16, 2013 3:58 AM, Nick suckless-...@njw.me.uk wrote:
Quoth Chris Down:
On 14 July 2013 20:42, Nick suckless-...@njw.me.uk wrote:
I'd be inclined to check for and filter out leading .. and /
characters, to avoid tarballs doing unexpectedly evil things.
I think all security onus
Nick dixit:
What other evil things can tar creators do?
Symlinks with st_nlink ≠ 1 for one ☹ need to fix that
in paxmirabilis (MirCPIO) too.
bye,
//mirabilos
--
17:08⎜«Vutral» früher gabs keine packenden smartphones und so
17:08⎜«Vutral» heute gibts frauen die sind facebooksüchtig
On Jul 16, 2013 9:58 AM, Nick suckless-...@njw.me.uk wrote:
Going back to the workflow question, then, who here always checks
the list of all files in an archive to check that there's nothing
with a suspicious path?
I always check to see whether content is going to be placed into separate
Quoth Galos, David:
Thanks in large part to your information about how you invoke tar, I
believe I have come up with a decent solution. I also was able to
find the structified version of tar I had worked on in the past.
I'd be inclined to check for and filter out leading .. and /
characters,
On 14 July 2013 20:42, Nick suckless-...@njw.me.uk wrote:
Quoth Galos, David:
Thanks in large part to your information about how you invoke tar, I
believe I have come up with a decent solution. I also was able to
find the structified version of tar I had worked on in the past.
I'd be
Thanks in large part to your information about how you invoke tar, I
believe I have come up with a decent solution. I also was able to
find the structified version of tar I had worked on in the past.
The argument parsing is a bit ugly, so simplifications are welcome,
provided they keep the
On 2013-07-12, at 17:30, David Galos wrote:
The argument parsing is a bit ugly, so simplifications are welcome,
provided they keep the current functionality
The goto seems uncalled for. An ordinary if does the job equally well.
Also, I wonder if a mode variable isn't just as simple as the flg
The goto seems uncalled for. An ordinary if does the job equally well.
Also, I wonder if a mode variable isn't just as simple as the flg array.
Good catches. I probably went through 10 permutations of argument
parsing until I found the current one, so I'm not surprised that I missed
some
13 matches
Mail list logo