Re: Retain orig. filename as suffix for tmp. filename

From: Adam Byrtek / alpha <alpha student uci agh edu pl>
To: Pavel Roskin <proski gnu org>
Cc: mc-devel gnome org
Subject: Re: Retain orig. filename as suffix for tmp. filename
Date: Mon, 24 Feb 2003 11:13:47 +0100

On Mon, Feb 24, 2003 at 02:22:16AM -0500, Pavel Roskin wrote:
> If you preserve the whole filename, you are more likely to have spaces for
> some other special characters in the filename.  Some programs have
> problems with spaces in the filename (e.g. rpm 4.1).
> 
> Even worse, some programs could be exploited by giving them bogus
> filenames as arguments.  I like your idea, but the security issue should
> be addressed (actually, it exists already because the extension can have
> bad stuff too).

I'm curious how this is different from copying the file manualy and
then pressing F4? AFAIK the filename is not passed through the shell,
so the only problem can be a severe bug in the editor, which still
exists and can be exploited when one copies the file. Of course we
limit it a bit, but it is still a security issue - in a editor, not
mc.

Regards

-- 

  _.|._ |_  _.   :  Adam Byrtek /alpha/
 (_|||_)| |(_|   :  email  alpha@(irc.pl|debian.org)
     |           :  jabber alpha.pl(at)jabber.org, pgp 0xB25952C0

Follow-Ups:
- Re: Retain orig. filename as suffix for tmp. filename
  - From: Pavel Roskin

References:
- Retain orig. filename as suffix for tmp. filename
  - From: Adam Byrtek / alpha
- Re: Retain orig. filename as suffix for tmp. filename
  - From: Pavel Roskin

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]