Date: Sun, 30 Apr 2000 21:17:14 -0700 (PDT) From: Kris Kennaway <kris@FreeBSD.org> To: Warner Losh <imp@village.org> Cc: Mike Heffner <spock@techfour.net>, FreeBSD-audit <FreeBSD-audit@FreeBSD.ORG> Subject: Re: that patch for mktemp? Message-ID: <Pine.BSF.4.21.0004302111520.93638-100000@freefall.freebsd.org> In-Reply-To: <200005010404.WAA74367@harmony.village.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 30 Apr 2000, Warner Losh wrote:
> ~ isn't too special to shells, so unless it is at the start of a
> filename, you shouldn't have a problem.
That can only happen if mktemp() is called with no prefix
(i.e. "/tmp/XXXXXX" instead of "/tmp/fooXXXXXX"), which is not the
docuemnted usage in the manpage ("The template may be any file name with
some number of `Xs' appended to it") although I don't know what POSIX has
to say on the matter.
Probably to be safe we should make it so the PID is encoded first, since
that will never have any metacharacters in it.
> That said, all of the following are special metacharacters to shells:
> !$^&*(){}[]?~`"';<>|\
>
> (recall that ^ is a synonym for |).
Damn, I didn't know that. ! and ^ will have to be removed, which brings
the number of random characters to 73, or 389017 different random
combinations for the standard 6-X tempfile. This is still pretty good.
Kris
----
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe <forsythe@alum.mit.edu>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0004302111520.93638-100000>