New patchfs script

Andrew V. Samoilov sav at bcs.zp.ua
Thu Dec 12 07:14:56 UTC 2002


Adam Byrtek 'alpha' wrote:
> On Wed, Dec 11, 2002 at 04:42:35PM +0200, Andrew V. Samoilov wrote:
> 
>>I applied little patch for your patchfs to quote metacharacters in
> 
> 
> Agreed.
> 
. . .
  >>-    copyout ($ARGV[2], $ARGV[3]);
  >>+    copyout ($ARGV[2], quotemeta ($ARGV[3]));
  >
  >
  > The second chunk is invalid.
  > $ARGV[3] is used only for 'open', and it doesn't need quoting:
  >
  > bash-2.05b$ perl -we 'open TMP, ">". quotemeta("Q|Q|\\|Q"); print TMP
  > "xxx\n"; close TMP'
  > bash-2.05b$ ls Q*
  > Q\|Q\|\\\|Q
  >

Yes, it was initial version of patch, CVS is ok.  Thanks for a catch.

> 
>>Also I want to eliminate temporary file in copyout()
> 
> 
> It's necessary with this algorithm - you can't do 'seek' on a pipe.
> 

Well, comment section can be stored in the array, so seek will be
eliminated.

> The temporary file is created in a safe way, so this should not be a
> security issue. BTW I guess we can create the file before doing '>' to
> avoid symlink attack (quite improbable, tmp file name is random).

It is not security issue but resource.  Kernel patches can be 20 Mb
unarchived.

>>and teach patchfs to understand context diffs (diff -c).
>>Another good change should be to use +++ filename for newly created
>>files (--- /dev/null).
> 
> 
> It would be nice. Should I try to work on this issues or do you want
> to do this yourself?

You are author, so you are preffered.

-- 
Regards,
Andrew V. Samoilov







More information about the mc-devel mailing list