Angus Leeming <[EMAIL PROTECTED]> writes:

> >> ... I thought it was
> >> about not accidentally overwriting some files.
> >
> > Ach! Should I test for that? Hmmm. As it stands the script will overwrite
> > an existing "$2" if 'sed' is used and will not if 'cp' is used. I guess
> > I'll change that to
> > 'cp' -f "$1" "$2"
> >
> > Can you pick any other holes in the attached script?

If you care about overwriting files you could test for existence of $2.

If you are afraid about security risks you should ask someone else; I only vaguely remember there's some exploit with symlinks and temp files. But then we also would have to fix any possible buffer overflows ... and all those system calls ... Need it for 1.4.0?? Maybe we better delay fixing security issues to 1.5.0 ;-)

Otherwise the script looks fine to me (but don't take me as an authority for scripts, I'm definitely not! :-) )

/Andreas
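
As an added example, not part of this thread and not the attached script: a POSIX sh helper that tests for an existing "$2" as suggested above and also refuses a symlink at that path. The name `safe_write` and the optional third argument (a sed expression) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: write "$1" to "$2" (optionally filtered through sed)
# without overwriting anything that already exists at "$2".
# safe_write is a hypothetical helper name, not taken from the thread.
#
# usage: safe_write SRC DST [SED_EXPR]
# returns 0 on success, 1 if DST exists (or is a symlink), 2 if SRC is missing
safe_write() {
    sw_src=$1
    sw_dst=$2
    sw_expr=${3-}

    [ -f "$sw_src" ] || { echo "no such file: $sw_src" >&2; return 2; }

    # [ -e ] follows symlinks and is false for a dangling one, so test
    # for a symlink separately: writing through it would create or
    # modify whatever file it points at.
    if [ -e "$sw_dst" ] || [ -L "$sw_dst" ]; then
        echo "refusing to overwrite: $sw_dst" >&2
        return 1
    fi

    # The test above and the write below are two separate steps.
    # With noclobber (set -C) the shell itself refuses the '>'
    # redirection if a file has appeared at the destination in between.
    # Both branches write through a shell redirection so that noclobber
    # applies to the plain-copy case as well as the sed case. Unlike cp,
    # this does not copy the source file's permissions.
    (
        set -C
        if [ -n "$sw_expr" ]; then
            sed -e "$sw_expr" "$sw_src" > "$sw_dst"
        else
            cat "$sw_src" > "$sw_dst"
        fi
    )
}
```
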