Date: Thu, 15 Mar 2001 20:32:32 +0100 From: Poul-Henning Kamp <phk@critter.freebsd.dk> To: Jonathan Lemon <jlemon@flugsvamp.com> Cc: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>, Jonathan Lemon <jlemon@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/lib/libc/gen glob.c Message-ID: <8030.984684752@critter> In-Reply-To: Your message of "Thu, 15 Mar 2001 13:25:03 CST." <20010315132503.D82645@prism.flugsvamp.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <20010315132503.D82645@prism.flugsvamp.com>, Jonathan Lemon writes: >If you want to try this out, ftp to your machine, and then perform >'ls */../*/../*/../*/../*/../*/../*'; this will cause ftpd to start >chewing up all memory and cpu. I belive glob should (optionally) refuse patterns where ".." elements are separated by anything other than ".". In other words: "../../../../foo" = OK ".././../././../foo" = OK "../barf/.." = BAD -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8030.984684752>