From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 13571 invoked by alias); 8 Jan 2015 14:24:30 -0000 Mailing-List: contact zsh-workers-help@zsh.org; run by ezmlm Precedence: bulk X-No-Archive: yes List-Id: Zsh Workers List List-Post: List-Help: X-Seq: 34170 Received: (qmail 21773 invoked from network); 8 Jan 2015 14:24:28 -0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on f.primenet.com.au X-Spam-Level: X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_HI, SPF_HELO_PASS autolearn=ham version=3.3.2 X-AuditID: cbfec7f5-b7fc86d0000066b7-d4-54ae9318a6f0 Date: Thu, 08 Jan 2015 14:24:20 +0000 From: Peter Stephenson To: Zsh hackers list Subject: Re: [PATCH] Re: Insecure tempfile creation Message-id: <20150108142420.141e5f4b@pwslap01u.europe.root.pri> In-reply-to: <150108000821.ZM7996@torch.brasslantern.com> References: <20141222203624.GA24855@tarsus.local2> <141227223029.ZM15959@torch.brasslantern.com> <141227234421.ZM16038@torch.brasslantern.com> <141228004101.ZM28486@torch.brasslantern.com> <20141229004957.GA1737@tarsus.local2> <141228200142.ZM22840@torch.brasslantern.com> <20150107220345.GE1714@tarsus.local2> <20150108064816.GA17816@lorien.comfychair.org> <150108000821.ZM7996@torch.brasslantern.com> Organization: Samsung Cambridge Solution Centre X-Mailer: Claws Mail 3.7.9 (GTK+ 2.22.0; i386-redhat-linux-gnu) MIME-version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7bit X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrOLMWRmVeSWpSXmKPExsVy+t/xy7oSk9eFGJz6qGRxsPkhkwOjx6qD H5gCGKO4bFJSczLLUov07RK4MqZs+cBS8Jy94vfnHtYGxmVsXYycHBICJhJHu7czQ9hiEhfu rQeKc3EICSxllPi56DYThLOESWLljw8sEM42Rok1/TfYQVpYBFQlfvy5ywpiswkYSkzdNJsR xBYR0JLYcfIkE4gtLGAs0fF6M1gNr4C9xM3Jj8BsTgFLibkd8xkhhr5klti6aj7YUH4BfYmr fz8xQdxkLzHzyhlGiGZBiR+T77GA2MxACzZva2KFsOUlNq95C/aDkIC6xI27u9knMArNQtIy C0nLLCQtCxiZVzGKppYmFxQnpeca6RUn5haX5qXrJefnbmKEBO7XHYxLj1kdYhTgYFTi4f1w f22IEGtiWXFl7iFGCQ5mJRFeHc91IUK8KYmVValF+fFFpTmpxYcYmTg4pRoYY3y29vYVdlc5 X/uzyLtfe8I9natPm9zWNMxfoD6hXOGTf47Cv/lxRtl7GDunGz7suara9vSJp9k/j4izYYw+ fXNuvfga9TfvzuctJets3N6r//374pOfyOesdz1TW2Ol6iaF7zhTKbbQ7GDpnQsKpmfv1090 madjdvq3pNC+Kc7vJFxNnu6TV2Ipzkg01GIuKk4EAOuRccI6AgAA On Thu, 8 Jan 2015 00:08:21 -0800 Bart Schaefer wrote: > Fortunately, we have the zsh/files module which provides a buitin "ln" > with well-defined semantics. Hopefully that's good enough. It's a little bit tangential, but it's always bothered me that the only option we have for module builtins of this kind is to import the into the command namespace under the standard name, trashing the use of the system-standard utility your code may elsewhere depend on That is, you can use "command ln" if you need to, but the point is in the majority of existing code you would never have bothered to do that. We made special arrangements for (z)stat but that really doesn't scale well. Apart from (z)stat, most of the builtins that look like standard utilies are only there for special cases, e.g. for some reason you can't get to the file system where they live, in which case there's no real problem. But for uses like this there potentially is. pws