From: Alexandre Oliva <aoliva@redhat.com>
To: DJ Delorie <dj@redhat.com>
Cc: ian@airs.com, mark@codesourcery.com, gcc-patches@gcc.gnu.org,
gcc@gcc.gnu.org
Subject: Re: 4.2 Project: "@file" support
Date: Sun, 28 Aug 2005 12:03:00 -0000
Message-ID: <orvf1r6nog.fsf@livre.redhat.lsd.ic.unicamp.br>
In-Reply-To: <200508251738.j7PHcwAZ022225@greed.delorie.com>

On Aug 25, 2005, DJ Delorie <dj@redhat.com> wrote:

> If "@string" is seen, but "string" does not represent an existing
> file, the string "@string" is passed to the program as-is.

With the terrible side effect of letting people think their
applications will just work, but introducing the very serious risk of
security problems, leading to, say:

  gcc: dj:yourpassword:1234:567:DJ: invalid argument

instead of

  gcc: @/etc/passwd: invalid argument

Sure this is probably not so much of an issue for GCC (although remote
compile servers are not totally unheard of), but it could easily
become a very serious problem for other applications that might take
filenames from the network and worry about quoting - but not @; those
would then need fixing.

--
Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/
Red Hat Compiler Engineer aoliva@{redhat.com, gcc.gnu.org}
Free Software Evangelist oliva@{lsd.ic.unicamp.br, gnu.org}
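
The failure mode discussed in this message and the caller-side fix it implies, as an added example that is not part of the original e-mail and is not GCC or libiberty code. `expand_at_arg` is a simplified model of the quoted rule; `neutralize_filename`, `demo`, the file `at_demo.txt` and its contents are hypothetical names and constructed sample data.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of the quoted rule (an assumption, not libiberty's code):
   "@name" becomes the first line of file "name" if it can be opened,
   otherwise the argument is passed through as-is. */
const char *expand_at_arg(const char *arg, char *buf, int len)
{
    FILE *f = (arg[0] == '@') ? fopen(arg + 1, "r") : NULL;
    if (!f)
        return arg;
    if (!fgets(buf, len, f))
        buf[0] = '\0';
    fclose(f);
    buf[strcspn(buf, "\n")] = '\0';
    return buf;
}

/* Caller-side fix: an untrusted file name starting with '@' is rewritten
   to "./@...", the same relative file but no longer an @file request.
   Returns 0 on success, -1 if the result does not fit in out. */
int neutralize_filename(const char *name, char *out, size_t len)
{
    int n = snprintf(out, len, "%s%s", name[0] == '@' ? "./" : "", name);
    return (n >= 0 && (size_t)n < len) ? 0 : -1;
}

/* Bit 0 set: the raw name leaked the file; bit 1 set: the neutralized one did. */
int demo(void)
{
    const char *secret = "dj:CONSTRUCTED:1234:567:DJ"; /* constructed sample */
    char name[64], b1[256], b2[256];
    FILE *f = fopen("at_demo.txt", "w");
    if (!f)
        return -1;
    fprintf(f, "%s\n", secret);
    fclose(f);
    const char *raw = expand_at_arg("@at_demo.txt", b1, sizeof b1);
    if (neutralize_filename("@at_demo.txt", name, sizeof name) != 0)
        return -1;
    const char *safe = expand_at_arg(name, b2, sizeof b2);
    printf("raw:  tool: %s: invalid argument\n", raw);
    printf("safe: tool: %s: invalid argument\n", safe);
    remove("at_demo.txt");
    return (strcmp(raw, secret) == 0) | ((strcmp(safe, secret) == 0) << 1);
}

int main(void) { return demo() == 1 ? 0 : 1; }
```

The rewrite has to happen in every program that forwards untrusted names to a tool with `@file` support, which is the "those would then need fixing" cost the message points out.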