Re: SECURITY PROBLEM: autofs [all versions]
Josip Rodin wrote:
>
> On Wed, Jul 05, 2000 at 06:57:03PM -0400, Christopher W. Curtis wrote:
> > > Before running a program, well-written unix code does not have to check to
> > > see if
> > >
> > > * the program exists
> >
> > then why do the scripts check '-f' ?
>
> > > The test -f is added for a wholly different reason.
>
> It's a non-standard check that has to do with Debian policy. Nobody's saying
> that we couldn't enhance it somehow, just that it's not so horribly wrong.
See, I never claimed it was horribly wrong - I simply said that a
different check would be better.
> It's not wrong as in that it would warrant a bug report with a severity
> higher than wishlist.
As said before, no bugs were filed - I simply saw it happen, checked if
all were -f (it turns out that only about 1/3 are), said "this could be
better if people would change '-f' to '-x'", and mentioned it here.
> > or that a test -x is not 'better'.
> I saw no such statement...
It may not have been said in this very tired thread, but it was said
that test -f is correct and that test -x would be wrong, thereby leading
me to conclude that those people believed that test -f is better.
Either way, I just wanted to let it be known, not engage a series of
"You're wrong so foo on you" messages choking up everyone's mailboxes.
Christopher
Reply to: