Date: Tue, 19 Mar 2002 21:05:50 +1100 From: "Tim J. Robbins" <tim@robbins.dropbear.id.au> To: Peter Pentchev <roam@ringlet.net> Cc: freebsd-standards@FreeBSD.ORG Subject: Re: standards/36076: Implementation of POSIX fuser command Message-ID: <20020319210550.A2621@descent.robbins.dropbear.id.au> In-Reply-To: <20020319110634.H9136@straylight.oblivion.bg>; from roam@ringlet.net on Tue, Mar 19, 2002 at 11:06:34AM %2B0200 References: <200203190810.g2J8A3761846@freefall.freebsd.org> <20020319110634.H9136@straylight.oblivion.bg>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Mar 19, 2002 at 11:06:34AM +0200, Peter Pentchev wrote: > I must admit that I am a bit wary of having a shell script wrapper; > there are many ways a shell command could go wrong - field separators, > backticks, variable expansions... IMVHO, a Perl script might make > things a bit more secure. What do others think? I was under the impression that FreeBSD was slowly moving away from having perl in the base system but I'll write a perl version if necessary, but even that won't remove some limitations (eg. spaces in command names). AFAIK, the only problem with the current fuser script is that it chokes on filenames with quotes in them (due to the |awk). The only safe way to do it is to write it in C using similar techniques to those fstat uses, but that requires more effort and introduces yet another sgid kmem binary. Although not an excuse for introducing new 'bad' code into the tree, it's worth pointing out that rcp/scp can't copy files with shell meta- characters in their names, and nobody seems to have complained. Tim To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-standards" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020319210550.A2621>