Date: Wed, 09 Aug 2000 09:18:08 +0100 From: Brian Somers <brian@Awfulhak.org> To: Ben Smithurst <ben@FreeBSD.org> Cc: Kris Kennaway <kris@FreeBSD.org>, Brian Somers <brian@Awfulhak.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, brian@Awfulhak.org Subject: Re: cvs commit: src/etc rc Message-ID: <200008090818.JAA00464@hak.lan.Awfulhak.org> In-Reply-To: Message from Ben Smithurst <ben@FreeBSD.org> of "Wed, 09 Aug 2000 07:11:03 BST." <20000809071103.U65753@strontium.scientia.demon.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
> Kris Kennaway wrote:
>
> > On Tue, 8 Aug 2000, Brian Somers wrote:
> >
> >> How is it vulnerable to files with spaces ? I have specifically
> >> tested this with filenames containing embedded spaces and ^Hs and the
> >> like.
> >
> > Oops, I misread the effect of this line:
> >
> > + cd "$dir" && ls | while read file
> >
> > I assumed the 'read' would just take the next word.
>
> I think this will still break for filenames which either begin or end
> with a space, or contain a newline. Why not just use 'for file in .* *;
> do ...; done' which would seem safer?
You're right. I'm about to commit this change.
There are also some nasties for files with leading `-'s and a disaster
waiting to happen WRT following symlinks...
> --
> Ben Smithurst / ben@FreeBSD.org / PGP: 0x99392F7D
> FreeBSD Documentation Project /
Cheers.
--
Brian <brian@Awfulhak.org> <brian@[uk.]FreeBSD.org>
<http://www.Awfulhak.org>; <brian@[uk.]OpenBSD.org>
Don't _EVER_ lose your sense of humour !
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200008090818.JAA00464>