funny characters in filenames

ian at utcsstat.UUCP ian at utcsstat.UUCP
Fri Jul 29 09:04:59 AEST 1983 

	Background:  I have a program that generates a map of the
	Unix  filesystem and  then  passes  part  of that map along to
	another program.  For various reasons I did this by generating
	a string of  the  form  '<cmd>  <filename>
	...'  and  giving  it to system().  I learned very early in the
	process all
	about control characters and white space (ingres is REAL  good
	at  putting spaces  in filenames... *sigh*) and to quote out
	those names, but last week someone really pulled a winner and
	put a file named 'foo;init;bar' onto the system  (actually,  it
	had been there but the program finally went after it for the
	first  time).  The  system  proceeded  to  parse  this  as
	'<cmd> <filename>  ... foo ; init ; bar <filename> ...' and
	since the program runs as root, it proceeded to start a second
	init, run  /etc/rc,  and  all  that neat stuff.

	Foreground: the fix on this specific problem  is  simple.  I
	expanded  the quoting  mechanism  for  control  characters and
	things to all files.  This means that it takes more system
	calls to do the same work, but it  is  much safer.  It doesn't
	solve the problem, however.  I really believe that there either
	needs to be a way to run the shell without any parsing or Un*x
	needs to  restrict  the  use  of  some  of its more dangerous
	characters (such as control characters, spaces, and the set
	[*;./{}] from being used as a  file name  on  the system.  How
	many times have you had to help someone access a file that had
	a wierd character in it?  From what I have seen, they
	create many more problems than they solve.....

The fix is more powerful than you can imagine.  Just quote every file name
that you pass to the shell, with the single quote character. The shell
will not expand characters which are quoted thusly. For example,
	rm '*'  (remove quote star quote)
will remove a file whose name consists of an asterisk, rather than all
the files in your directory. I just tried it on a fairly standard V7 system.

I think it's unfair to say that UNIX did it to you again. I think you did it
to yourself this time.

Ian F. Darwin, Toronto
utcsstat!ian

More information about the Comp.unix.wizards mailing list