Zsh Mailing List Archive
Messages sorted by: Reverse Date, Date, Thread, Author

Re: glob qualifier '-' doesn't work correctly on dangling symlinks

On 2020-04-15 00:44:03 +0000, Daniel Shahaf wrote:
> Stephane Chazelas wrote on Tue, 14 Apr 2020 13:38 +0100:
[Pathological errors in globbing]
> > What's the worst that can happen if it's not handled "properly"?
> Depends on how we handle it, obviously.  If we handle it by returning an
> error and aborting the current command line, the worst that can happen
> is that a command line (or script) would be aborted, whereas currently
> it would silently continue execution with wrong data.

For instance, one can imagine a script that would fix permissions
based on a glob like *(W) before making the directory world-readable.
If the error is not reported, some files would be left world-writable
and an attack would be possible due to the directory becoming
world-readable. With an error, the script would be able to detect
the issue or abort (e.g. with "set -e").

Vincent Lefèvre <vincent@xxxxxxxxxx> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
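
The scenario described in the message above, as an added example that is not part of the original thread: a POSIX sh version of such a script that treats an enumeration or chmod error as fatal and re-checks for world-writable entries before opening the directory. It uses find rather than a zsh glob, and assumes the -mindepth/-maxdepth options of GNU and BSD find; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# Print depth-1 entries of "$1" that are world-writable (roughly what the
# zsh glob *(W) selects). Symlinks are skipped because find reports the
# link's own mode bits, not the target's.
world_writable() {
    find "$1" -mindepth 1 -maxdepth 1 ! -type l -perm -0002 -print
}

# Remove world-write from entries in "$1", then make "$1" world-readable.
# Returns non-zero, leaving the directory mode untouched, if any step fails.
secure_then_publish() {
    dir=$1

    # Step 1: fix permissions. find exits non-zero when it cannot examine
    # an entry or when a chmod run via "-exec ... +" fails, so check it.
    if ! find "$dir" -mindepth 1 -maxdepth 1 ! -type l -perm -0002 \
            -exec chmod o-w {} +; then
        echo "secure_then_publish: could not fix permissions in $dir" >&2
        return 1
    fi

    # Step 2: verify the postcondition independently of step 1.
    if ! left=$(world_writable "$dir"); then
        echo "secure_then_publish: could not re-check $dir" >&2
        return 1
    fi
    if [ -n "$left" ]; then
        echo "secure_then_publish: still world-writable:" >&2
        printf '%s\n' "$left" >&2
        return 1
    fi

    # Step 3: only now open the directory to other users.
    chmod o+rx "$dir"
}

# Stand-alone use: sh script.sh /path/to/dir
if [ "$#" -gt 0 ]; then
    secure_then_publish "$1"
fi
```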
