mailing list archives
Re: textcounter.pl (alternate fix)
From: sreid () ALPHA SEA-TO-SKY NET (Steve Reid)
Date: Thu, 25 Jun 1998 12:32:31 -0700
The fix I present has the undesirable result that it means the user can
create files with dangerous file names - the file gets created, and then
someone comes along and does a "rm *". and that filename with a pipe
character and evil command executes.
That shouldn't be a problem. Most (all?) shells will escape
metacharacters when expanding wildcards. If it doesn't, it could be
considered a bug in the shell.
What you _do_ have to worry about is filenames that look like options to
rm. If someone creates a file called "-Rf", doing an "rm *" could wipe