Vince Eccles <vince.ecc...@gmail.com> wrote:
> I have advised UNIX developers in the past on catching stupid things people
> do. I do stupid things from time to time. I was a tester for a number of the
> old Digital Corporation OS developments. For example, they put some simple
> catches in compilers to disallow certain command requests.
>
> You don't have to do anything, but I just thought you might like to know and
> think about a warning when -f is used and a file name is not consistent with
> tarball names.
As mentioned before: there is already a long existing practice on ow to avoid
this kind of problems:
- The official CLI from tar does not use a dash before options,
but rather calls the characters key-letters. Tar is not using
a CLI that is compatible to typical UNIX programs but to "ar"
and to the old "ps" interface from the 1970s.
- Forbid to truncate existing files, i.e. abort if the CLI
is risky and the file exists with a size >0
- When called with a dash in front of the key letters, do not
permit non-boolean keyletters tobe combined as a single
argument.
Jörg
--
EMail:jo...@schily.net (home) Jörg Schilling D-13353 Berlin
joerg.schill...@fokus.fraunhofer.de (work) Blog: http://schily.blogspot.com/
URL: http://cdrecord.org/private/ http://sf.net/projects/schilytools/files/'
