Re: deb vfs security issue (CAN-2004-0494)

From: Roland Illig <roland illig gmx de>
Cc: MC Devel <mc-devel gnome org>
Subject: Re: deb vfs security issue (CAN-2004-0494)
Date: Thu, 19 Aug 2004 11:18:44 +0200

Leonard den Ottolander wrote:

The attached file is a much nicer solution. I believe the original
escaping in mcdebfs_run is redundant as the involved parameters are
passed to mcdebfs_copyout where they will be escaped. Is my use of map
correct?

+	local($archivename) = map(s/([^\w\/.+-])/\\$1/g, @_);


I would rather write

        my ($archivename) = map { s/([^\w\/.+-])/\\$1/g } @_;

map(expr, list) yields the result of the s/// operator, whereasmap(block, list) executes the block with $_ aliased to the list item.


Roland

Follow-Ups:
- Re: deb vfs security issue (CAN-2004-0494)
  - From: Leonard den Ottolander

References:
- deb vfs security issue (CAN-2004-0494)
  - From: Leonard den Ottolander
- Re: deb vfs security issue (CAN-2004-0494)
  - From: Leonard den Ottolander
- Re: deb vfs security issue (CAN-2004-0494)
  - From: Leonard den Ottolander

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]