Funny characters in filenames

cfv at packet.UUCP cfv at packet.UUCP
Tue Jul 26 06:30:35 AEST 1983 

*sigh* Its time for  another  in  an  unending  series  of  flames  on  the
wonderfulness  of  Un*x and the way you can put lots of funny characters in
its filenames.  Last week I had a program that I wrote a few months ago die
terribly  and  take  the system with it. 7 hours and half a case of console
logs later, it turns out that the wonderful Un*x (TM B*ll L*bs) system  did
it to me again...

Background:  I have a program that generates a map of the  Unix  filesystem
and  then  passes  part  of that map along to another program.  For various
reasons I did this by generating a string of  the  form  '<cmd>  <filename>
...'  and  giving  it to system().  I learned very early in the process all
about control characters and white space (ingres is REAL  good  at  putting
spaces  in filenames... *sigh*) and to quote out those names, but last week
someone really pulled a winner and put a file named 'foo;init;bar' onto the
system  (actually,  it had been there but the program finally went after it
for the  first  time).  The  system  proceeded  to  parse  this  as  '<cmd>
<filename>  ... foo ; init ; bar <filename> ...' and since the program runs
as root, it proceeded to start a second init, run  /etc/rc,  and  all  that
neat stuff.

Foreground: the fix on this specific problem  is  simple.  I  expanded  the
quoting  mechanism  for  control  characters and things to all files.  This
means that it takes more system calls to do the same work, but it  is  much
safer.  It doesn't solve the problem, however.  I really believe that there
either needs to be a way to run the shell without any parsing or Un*x needs
to  restrict  the  use  of  some  of its more dangerous characters (such as
control characters, spaces, and the set [*;./{}] from being used as a  file
name  on  the system.  How many times have you had to help someone access a
file that had a wierd character in it?  From what I have seen, they  create
many more problems than they solve.....
-- 
>From the dungeons of the Warlock:
					      Chuck Von Rospach
					      ucbvax!amd70!packet!cfv
					      (chuqui at mit-mc)  <- obsolete!

More information about the Comp.unix.wizards mailing list