Not logged in
Log in now
Create an account
Subscribe to LWN
Pencil, Pencil, and Pencil
Dividing the Linux desktop
LWN.net Weekly Edition for June 13, 2013
A report from pgCon 2013
Little things that matter in language design
Potential pitfalls in DNS handling
Posted Nov 15, 2012 21:29 UTC (Thu) by wahern (subscriber, #37304)
I notified the sysadmin, who was incredulous at first. Later I found out that the hacker had penetrated many more systems, including many Bell Atlantic servers. Never did find out how he broke in, though in those days there was lots of low hanging fruit to exploit.
Posted Nov 16, 2012 12:25 UTC (Fri) by cate (subscriber, #1359)
It is allowed by POSIX (but without specifying what a POSIX program should behave when it encounters such file), but I never tested.
'/' in filename? Really?
Posted Nov 17, 2012 2:35 UTC (Sat) by pr1268 (subscriber, #24648)
Really...? Any online examples of this?
I'm sincerely curious as to how I could overcome the inability to create a directory named "AC/DC" in my music files directory (where each subdirectory is named after the artist/band whose song files are stored within).
Back to the article, I feel somewhat re-assured that the various DNS library implementations would appear to fail given strange input that the RFCs seem to allow. And besides, those are relatively low-numbered RFCs; surely they've been around a while to shake out the bugs. </slightly ignorant observation>
Thanks to Phil Pennock and the Exim developers looking into this.
Posted Nov 17, 2012 11:47 UTC (Sat) by hummassa (subscriber, #307)
Posted Nov 16, 2012 18:34 UTC (Fri) by quotemstr (subscriber, #45331)
And I maintain that's a bug. Kernels should be doing:
* UTF-8 normalization
* Leading and trailing space elimination
* Banning leading dashes
* Banning non-printable unicode characters
There's absolutely no reason for treating filenames as opaque strings, except that by doing so, you avoid having arguments about encodings. Now that UTF-8 has won, we should revisit that decision.
Posted Nov 17, 2012 1:39 UTC (Sat) by anselm (subscriber, #2796)
UTF-8 normalisation probably makes sense, but disallowing leading dashes in filenames would disable potentially desirable features like being able to create a file called »-i« in a directory where you don't want to accidentally have »rm *« delete all your files.
Posted Nov 17, 2012 2:13 UTC (Sat) by apoelstra (subscriber, #75205)
Nor would it allow creating "-r" in directories where you want rm to be extra destructive. :)
Posted Nov 17, 2012 15:13 UTC (Sat) by Jandar (subscriber, #85683)
Posted Nov 19, 2012 10:51 UTC (Mon) by cesarb (subscriber, #6266)
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds