change dir using a menu command

Pavel Roskin proski at gnu.org
Fri Jan 23 16:53:23 UTC 2004


On Fri, 23 Jan 2004, David E wrote:

> I did as you advised and added a "%cd" macro, I changed the code to do 2
> things:
>
> 1. add an environment variable: CDFILE=~/.mc_cdfile
>   (I used sprintf(dir_file,"CDFILE=%s/.mc_cdfile", home_dir) in the
>    subshell.c file)

I'm concerned about security aspects of such change.  You use a
predictable name.  An attacker could overwrite this file and put a
different directory name there.  It could be possible to make mc change to
a different directory without user noticing.  In particular, the name
could be on VFS.  This opens the possibility to make mc connect to a
remote server or open an archive.

Also, there is a possibility that two instances of mc will run commands
that will write to the same file.  It would be better to put process ID in
the name.

Do you really need to change to a directory that is not known before the
menu commands are executed?

-- 
Regards,
Pavel Roskin



More information about the mc mailing list