Bruno Haible <[email protected]> writes:

> Collin Funk wrote:
>> every single unescaped string as a "security vulnerability".
>
> Replicating every argument literally (like 'ls --literal') is
> not a security vulnerability. But it is an instance of "garbage in -
> garbage out": If the user passes, say, an ANSI escape sequence for
> clearing the terminal's screen, only low-quality implementations
> will replicate it on stdout literally. And even without escape
> sequences, there's a difference between
>   $ rm 'the prime minister'
>   /bin/rm: cannot remove the prime minister: No such file or directory
> and
>   $ rm 'the prime minister'
>   /bin/rm: cannot remove 'the prime minister': No such file or directory

Yes, I agree. I just dislike the alarmism.

>> However, for printing arguments given by the user
>
> No, the user is in general not aware of all arguments passed to all
> commands. In general, the user might be using or invoking a program A,
> that invokes a program B (with arguments that A has computed), that
> invokes C (with computed arguments again), and so on, until some
> of these programs invokes 'gzip'. When something goes wrong, the user
> will see the diagnostics from 'gzip', but the user is not the one
> who provided / understood / acknowledged the arguments passed to 'gzip'.

I see your point. But in my head I think of the "user" as program X
which knows the arguments it gives to gzip.

Collin



Reply via email to