Retain orig. filename as suffix for tmp. filename

Adam Byrtek / alpha alpha at student.uci.agh.edu.pl
Mon Feb 24 10:05:57 UTC 2003


On Mon, Feb 24, 2003 at 02:22:16AM -0500, Pavel Roskin wrote:
> If you preserve the whole filename, you are more likely to have spaces for
> some other special characters in the filename.  Some programs have
> problems with spaces in the filename (e.g. rpm 4.1).
> 
> Even worse, some programs could be exploited by giving them bogus
> filenames as arguments.  I like your idea, but the security issue should
> be addressed (actually, it exists already because the extension can have
> bad stuff too).

Is filtering it with is_printable() and substituting spaces with '_'
enough?

Regards

-- 

  _.|._ |_  _.   :  Adam Byrtek /alpha/
 (_|||_)| |(_|   :  email  alpha@(irc.pl|debian.org)
     |           :  jabber alpha.pl(at)jabber.org, pgp 0xB25952C0



More information about the mc-devel mailing list