Subject: Re: File names and security...
To: None <current-users@NetBSD.ORG>
From: Christos Zoulas <email@example.com>
Date: 06/06/1997 20:01:10
In article <199706061130.GAA28664@solutions.solon.com> firstname.lastname@example.org (Peter Seebach) writes:
>Okay, so newlines in file names are dangerous to a lot of common
>How much do we lose if we have a filesystem flag to forbid them?
>I would think it might be possible to simply silently replace
>all non-printing chars with normal spaces. Now, I doubt the resulting
>system is going to win any conformance awards, but there are times when
>I'd be willing to give up POSIX conformance for security.
This whole idea is a bit silly... What are we going to forbid next?
Parentheses? Semicolons? Ampersands? So that stupid programs that
sprintf(buf, "unzip %s", filename);
are `secure' when filename = "foo.gz ; /bin/sh"?