[prev] [thread] [next] [lurker] [Date index for 2006/05/25]
On Thu, 25 May 2006 21:48:32 +0200, Juerd <juerd@xxxxxxxxxxx.xx> wrote: > H.Merijn Brand skribis 2006-05-25 21:46 (+0200): > > > -? is still dangerous: > > > touch -- -r > > > foo -? > > Your fault, core dumped. > > Well, imagine "touch -- -r" was actually "bar /etc/passwd", which is > closed source and left a file called "-r" in the cwd. Sew them! Sew them! Priority 1 security problem :) > Do you encourage running "ls" before using "-?", for security reasons? I can't count the number of times I do 'l' (an alias for 'ls -a') > > > Now, -? might resolve to -r, which in foo's case, means foo tries to > > > delete every file in your home directory. Too bad. > > That is unix. You asked for it, you got it. > > That is why many shells have aliasses and completions. > > rm -i is the default for a lot of users > > An alias for rm won't help against a direct unlink call. true -- H.Merijn Brand Amsterdam Perl Mongers (http://amsterdam.pm.org/) using & porting perl 5.6.2, 5.8.x, 5.9.x on HP-UX 10.20, 11.00, 11.11, & 11.23, SuSE 10.0, AIX 4.3 & 5.2, and Cygwin. http://qa.perl.org http://mirrors.develooper.com/hpux/ http://www.test-smoke.org http://www.goldmark.org/jeff/stupid-disclaimers/There's stuff above here
Generated at 09:00 on 29 May 2006 by mariachi 0.52