Better security fix for subshell
Pavel Roskin
proski at gnu.org
Fri Jul 13 21:23:13 UTC 2001
Hello!
It's a reply to myself :-)
> Bash, unlike zsh and tcsh, requires `-e' after `echo'. It also doesn't
> read more that 3 digits in octals. Tcsh and zsh, on the other hand,
> require the first digit to be 0 and allow 4-digit octals.
Many thanks to Francis Kwok <francis.kwok at alcatel.com> who reported within
hours (!!!) that the octals don't work on tcsh compiled for Solaris (it
has echo_style=bsd by default). "set echo_style=both" is now fed to the
subshell at startup if it happens to be tcsh.
> This patch doesn't deal with passing the current directory name back from
> the subshell. It still can be misinterpreted by mc (try entering directory
> `\\\\')
Fixed. It's not even related to subshell. canonicalize_pathname()
refused to canonicalize after a backslashed path separator. There is no
reason I can think of for this exception (maybe the author of this code
thought that path separators are allowed in the filenames). The code is
ancient (pre-1998) and has no corresonding record in OChangeLog. It must
be a long-standing bug.
As you can see, some bugs live hours, some bugs live years.
------------------------------------
--- ChangeLog
+++ ChangeLog
@@ -1 +1,6 @@
+2001-07-13 Pavel Roskin <proski at gnu.org>
+
+ * utilunix.c (canonicalize_pathname): Don't handle PATH_SEP
+ after backslash in a special way.
+
2001-07-12 Pavel Roskin <proski at gnu.org>
--- utilunix.c
+++ utilunix.c
@@ -637,10 +637,6 @@ char *canonicalize_pathname (char *path)
i = start + 1;
}
- /* Handle backquoted `/'. */
- if (start > 0 && path[start - 1] == '\\')
- continue;
-
/* Check for trailing `/'. */
if (start && !path[i]) {
zero_last:
------------------------------------
Regards,
Pavel Roskin
More information about the mc-devel
mailing list