On Aug 25, 2005, DJ Delorie <[EMAIL PROTECTED]> wrote: > If "@string" is seen, but "string" does not represent an existing > file, the string "@string" is passed to the program as-is.
With the terrible side effect of letting people think their applications will just work, but introducing the very serious risk of security problems, leading to, say: gcc: dj:yourpassword:1234:567:DJ: invalid argument instead of gcc: @/etc/passwd: invalid argument Sure this is probably not so much of an issue for GCC (although remote compile servers are not totally unheard of), but it could easily become a very serious problem for other applications that might take filenames from the network and worry about quoting - but not @; those would then need fixing. -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org}
