Zsh Mailing List Archive
Messages sorted by: Reverse Date, Date, Thread, Author

Re: [PATCH] Re: Insecure tempfile creation



On Thu, 8 Jan 2015 00:08:21 -0800
Bart Schaefer <schaefer@xxxxxxxxxxxxxxxx> wrote:
> Fortunately, we have the zsh/files module which provides a buitin "ln"
> with well-defined semantics.  Hopefully that's good enough.

It's a little bit tangential, but it's always bothered me that the only
option we have for module builtins of this kind is to import the into
the command namespace under the standard name, trashing the use of the
system-standard utility your code may elsewhere depend on That is, you
can use "command ln" if you need to, but the point is in the majority of
existing code you would never have bothered to do that.

We made special arrangements for (z)stat but that really doesn't scale
well.

Apart from (z)stat, most of the builtins that look like standard utilies
are only there for special cases, e.g. for some reason you can't get to
the file system where they live, in which case there's no real problem.
But for uses like this there potentially is.

pws



Messages sorted by: Reverse Date, Date, Thread, Author