At last, a hope of progress [LWN.net]

At last, a hope of progress

Posted Mar 25, 2009 16:52 UTC (Wed) by mjthayer (guest, #39183)
In reply to: At last, a hope of progress by epa
Parent article: Wheeler: Fixing Unix/Linux/POSIX Filenames

Actually, I think that the shell and the scripting environment are greater problems than the permissive file names. The fact that everything is a text string to the shell is the source of so many security holes. But of course, in this case the file names are probably easier to fix by far.

to post comments

At last, a hope of progress

Posted Mar 25, 2009 20:02 UTC (Wed) by mjthayer (guest, #39183) [Link] (1 responses)

Actually, the shell could help a bit. At least one thing that it could do would be to ignore files starting with a dash when expanding '*', the same way it ignores files starting with a dot. I don't know if that would be POSIX compliant, but there are more bad reasons than good for that sort of expansion. Recognising ASCII-zero as a separator for file names in a text stream might also be useful, although I have no idea what other implications that would have, and it would probably fail under many circumstances.

At last, a hope of progress

Posted Mar 29, 2009 0:01 UTC (Sun) by mikachu (guest, #5333) [Link]

On days when I'm feeling paranoid I always say ./* instead of just *, especially when talking to /bin/rm. On the other hand, touch -- -i in directories where you have important files is a nice trick too.