Todd C. Miller <todd.mil...@sudo.ws> wrote: > True, those would not be handled but isn't the most common usage > to pass a fully-qualified path or a device name? The biggest problem > I see is that this would not catch a disk uid being used but I don't > think that is really fixable unless we check the string for a duid > first.
Pattern matching the string to decide "oh it cannot be a path" is really weird, besides the fact it is a TOCTOU. I'm fine with a / check, but it also needs documenting. While there can't we say at least one option must be supplied? Is using dump without an option realistic?
