[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SECURITY PROBLEM: autofs [all versions]



Josip Rodin wrote:
> 
> On Wed, Jul 05, 2000 at 06:57:03PM -0400, Christopher W. Curtis wrote:
> > > Before running a program, well-written unix code does not have to check to
> > > see if
> > >
> > > * the program exists
> >
> > then why do the scripts check '-f' ?
> 
> > > The test -f is added for a wholly different reason.
> 
> It's a non-standard check that has to do with Debian policy. Nobody's saying
> that we couldn't enhance it somehow, just that it's not so horribly wrong.

See, I never claimed it was horribly wrong - I simply said that a
different check would be better.

> It's not wrong as in that it would warrant a bug report with a severity
> higher than wishlist.

As said before, no bugs were filed - I simply saw it happen, checked if
all were -f (it turns out that only about 1/3 are), said "this could be
better if people would change '-f' to '-x'", and mentioned it here.

> > or that a test -x is not 'better'.
> I saw no such statement...

It may not have been said in this very tired thread, but it was said
that test -f is correct and that test -x would be wrong, thereby leading
me to conclude that those people believed that test -f is better.

Either way, I just wanted to let it be known, not engage a series of
"You're wrong so foo on you" messages choking up everyone's mailboxes.

Christopher



Reply to: