> The fix I present has the undesirable result that it means the user can > create files with dangerous file names - the file gets created, and then > someone comes along and does a "rm *". and that filename with a pipe > character and evil command executes. That shouldn't be a problem. Most (all?) shells will escape metacharacters when expanding wildcards. If it doesn't, it could be considered a bug in the shell. What you _do_ have to worry about is filenames that look like options to rm. If someone creates a file called "-Rf", doing an "rm *" could wipe out subdirectories.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:59:55 PDT