Re: Retain orig. filename as suffix for tmp. filename

2003-03-10 Thread Adam Byrtek / alpha
On Mon, Mar 10, 2003 at 07:43:02PM -0500, Pavel Roskin wrote: > Actually, your patch has created a security hole, but not where I > expected. extfs_cmd() doesn't quote the local filename. It was OK > before. But since the local name is now based on the entry name, it must > be quoted. Please no

Re: Retain orig. filename as suffix for tmp. filename

2003-03-10 Thread Pavel Roskin
Hello, Adam! > I've applied your patch with minimal changes. Thank you! Actually, your patch has created a security hole, but not where I expected. extfs_cmd() doesn't quote the local filename. It was OK before. But since the local name is now based on the entry name, it must be quoted. Try

Re: Retain orig. filename as suffix for tmp. filename

2003-02-25 Thread Pavel Roskin
Hello! > > Even worse, some programs could be exploited by giving them bogus > > filenames as arguments. I like your idea, but the security issue should > > be addressed (actually, it exists already because the extension can have > > bad stuff too). > > I'm curious how this is different from copy

Re: Retain orig. filename as suffix for tmp. filename

2003-02-24 Thread Adam Byrtek / alpha
On Mon, Feb 24, 2003 at 03:35:32PM +0100, Oswald Buddenhagen wrote: > then add an assert(basename); and increment right away. Sounds wise, that's what 'assert' is for... Thanks. -- _.|._ |_ _. : Adam Byrtek /alpha/ (_|||_)| |(_| : email alpha@(irc.pl|debian.org) | : j

Re: Retain orig. filename as suffix for tmp. filename

2003-02-24 Thread Oswald Buddenhagen
On Mon, Feb 24, 2003 at 11:27:53AM +0100, Adam Byrtek / alpha wrote: > On Mon, Feb 24, 2003 at 02:26:13AM +0100, Oswald Buddenhagen wrote: > > > +if (basename && *basename==PATH_SEP) > > > + basename++; > > this is totally bogus. > > No, this is not 'totally bogus'. Filename var always contain

Re: Retain orig. filename as suffix for tmp. filename

2003-02-24 Thread Adam Byrtek / alpha
On Mon, Feb 24, 2003 at 02:26:13AM +0100, Oswald Buddenhagen wrote: > > +if (basename && *basename==PATH_SEP) > > + basename++; > this is totally bogus. No, this is not 'totally bogus'. Filename var always contains at least one PATH_SEP: cdbackup-0.6.3.tar.gz#utar/cdbackup-0.6.3/CHANGES /#f

Re: Retain orig. filename as suffix for tmp. filename

2003-02-24 Thread Adam Byrtek / alpha
On Mon, Feb 24, 2003 at 02:22:16AM -0500, Pavel Roskin wrote: > If you preserve the whole filename, you are more likely to have spaces for > some other special characters in the filename. Some programs have > problems with spaces in the filename (e.g. rpm 4.1). > > Even worse, some programs could

Re: Retain orig. filename as suffix for tmp. filename

2003-02-24 Thread Adam Byrtek / alpha
On Mon, Feb 24, 2003 at 02:22:16AM -0500, Pavel Roskin wrote: > If you preserve the whole filename, you are more likely to have spaces for > some other special characters in the filename. Some programs have > problems with spaces in the filename (e.g. rpm 4.1). > > Even worse, some programs could

Re: Retain orig. filename as suffix for tmp. filename

2003-02-23 Thread Pavel Roskin
Hello, Adam! > It is worth noting, that the getlocalcopy has already supported file > 'extension' as a suffix (mclocalcopyX.tgz in our case, btw it was > implemented in a quite ugly way: 6 lines of code could be easily > substituted with simple strrchr), but it is not enough IMO: > > * Someth

Re: Retain orig. filename as suffix for tmp. filename

2003-02-23 Thread Oswald Buddenhagen
On Mon, Feb 24, 2003 at 01:39:44AM +0100, Adam Byrtek / alpha wrote: > +basename = strrchr (filename, PATH_SEP); > +if (basename && *basename==PATH_SEP) > + basename++; this is totally bogus. if (basename) basename++; else basename = filename; greetings -- Hi! I'm a .signature
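
Review bot: the `*basename==PATH_SEP` test in the second added line is redundant, because a non-NULL result from `strrchr (filename, PATH_SEP)` always points at a PATH_SEP, and when strrchr returns NULL, basename is left NULL instead of falling back to filename. Handle the NULL case explicitly (the `if (basename) basename++; else basename = filename;` form in the reply does so), or document next to the call why filename is guaranteed to contain a separator.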

Retain orig. filename as suffix for tmp. filename

2003-02-23 Thread Adam Byrtek / alpha
It is useful to have an original filename as a part of temporary filename when editing files from extfs or vfs: * editors can use their features connected to file name/extension (syntax highlighting etc.) * user can see the real name of the file he is editing in an external editor I've create