New patchfs script
Andrew V. Samoilov
sav at bcs.zp.ua
Thu Dec 12 07:14:56 UTC 2002
Adam Byrtek 'alpha' wrote:
> On Wed, Dec 11, 2002 at 04:42:35PM +0200, Andrew V. Samoilov wrote:
>
>>I applied little patch for your patchfs to quote metacharacters in
>
>
> Agreed.
>
. . .
>>- copyout ($ARGV[2], $ARGV[3]);
>>+ copyout ($ARGV[2], quotemeta ($ARGV[3]));
>
>
> The second chunk is invalid.
> $ARGV[3] is used only for 'open', and it doesn't need quoting:
>
> bash-2.05b$ perl -we 'open TMP, ">". quotemeta("Q|Q|\\|Q"); print TMP
> "xxx\n"; close TMP'
> bash-2.05b$ ls Q*
> Q\|Q\|\\\|Q
>
Yes, it was initial version of patch, CVS is ok. Thanks for a catch.
>
>>Also I want to eliminate temporary file in copyout()
>
>
> It's necessary with this algorithm - you can't do 'seek' on a pipe.
>
Well, comment section can be stored in the array, so seek will be
eliminated.
> The temporary file is created in a safe way, so this should not be a
> security issue. BTW I guess we can create the file before doing '>' to
> avoid symlink attack (quite improbable, tmp file name is random).
It is not security issue but resource. Kernel patches can be 20 Mb
unarchived.
>>and teach patchfs to understand context diffs (diff -c).
>>Another good change should be to use +++ filename for newly created
>>files (--- /dev/null).
>
>
> It would be nice. Should I try to work on this issues or do you want
> to do this yourself?
You are author, so you are preffered.
--
Regards,
Andrew V. Samoilov
More information about the mc-devel
mailing list