Re: bin/45453: add /etc/cron.d functionality

[David Laight <david%l8s.co.uk@localhost>]

On Fri, Oct 14, 2011 at 05:25:01AM +0000, David Holland wrote:
> The following reply was made to PR bin/45453; it has been noted by GNATS.
> 
> From: David Holland <dholland-bugs%netbsd.org@localhost>
> To: gnats-bugs%NetBSD.org@localhost
> Cc: 
> Subject: Re: bin/45453: add /etc/cron.d functionality
> Date: Fri, 14 Oct 2011 05:23:22 +0000
> 
>  On Wed, Oct 12, 2011 at 06:35:02AM +0000, Takahiro Kambe wrote:
>   >> +        if ((len > 8) && (strncmp(fname + len - 8, ".rpmsave", 8) == 0))
>   >> +                continue;
>   >> +        if ((len > 8) && (strncmp(fname + len - 8, ".rpmorig", 8) == 0))
>   >> +                continue;
>   >> +        if ((len > 7) && (strncmp(fname + len - 7, ".rpmnew", 7) == 0))
>   >> +                continue;
>   >  We don't hardcode such suffixes but give cron(8) to some excluding
>   >  patterns.  (Above is too rpmism, too.)
>  
>  Rather than blacklist some set of extensions (and as you note, the
>  ones it has seem totally wrong) it ought to accept only files named
>  e.g. *.cron. Much safer that way.

And, if you are going to do the above, it would be better to have
something like:
        static const char *bad_suffixes[] = { "rpmsave", ..., 0};
        const char **bp, *dot = strrchr(fname, '.');
        if (dot) {
                for (bp = bad_suffixes; *bp; bp++)
                        if (strcmp(dot + 1, *bp) == 0)
                                return FALSE;
        }
        return TRUE;

But, a positive match is better!
I hope the code skipped direcories?

        David

-- 
David Laight: david%l8s.co.uk@localhost