From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-1.0 required=5.0 tests=MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2 Received: (qmail 28599 invoked from network); 15 Apr 2020 09:18:18 -0000 Received-SPF: pass (primenet.com.au: domain of zsh.org designates 203.24.36.2 as permitted sender) receiver=inbox.vuxu.org; client-ip=203.24.36.2 envelope-from= Received: from ns1.primenet.com.au (HELO primenet.com.au) (203.24.36.2) by inbox.vuxu.org with UTF8ESMTPZ; 15 Apr 2020 09:18:18 -0000 Received: (qmail 13123 invoked by alias); 15 Apr 2020 09:18:13 -0000 Mailing-List: contact zsh-workers-help@zsh.org; run by ezmlm Precedence: bulk X-No-Archive: yes List-Id: Zsh Workers List List-Post: List-Help: List-Unsubscribe: X-Seq: 45704 Received: (qmail 10387 invoked by uid 1010); 15 Apr 2020 09:18:13 -0000 X-Qmail-Scanner-Diagnostics: from joooj.vinc17.net by f.primenet.com.au (envelope-from , uid 7791) with qmail-scanner-2.11 (clamdscan: 0.102.2/25779. spamassassin: 3.4.4. Clear:RC:0(155.133.131.76):SA:0(-1.9/5.0):. Processed in 2.157584 secs); 15 Apr 2020 09:18:13 -0000 X-Envelope-From: vincent@vinc17.net X-Qmail-Scanner-Mime-Attachments: | X-Qmail-Scanner-Zip-Files: | Received-SPF: none (ns1.primenet.com.au: domain at vinc17.net does not designate permitted sender hosts) Date: Wed, 15 Apr 2020 11:17:33 +0200 From: Vincent Lefevre To: zsh-workers@zsh.org Subject: Re: glob qualifier '-' doesn't work correctly on dangling symlinks Message-ID: <20200415091733.GA2800550@zira.vinc17.org> Mail-Followup-To: zsh-workers@zsh.org References: <20200412070930.etfzj6j2qvd5em7b@chazelas.org> <20200412142544.GA1783815@zira.vinc17.org> <20200412173448.rl3wttigdx5t5wcn@chazelas.org> <20200412233845.GB1831017@zira.vinc17.org> <20200413142257.orwzb4jrgmf7gpoi@chazelas.org> <20200413214149.GA2644627@zira.vinc17.org> <20200414061816.5qfbjyc6w3x34wcz@chazelas.org> <20200414120241.3d8d7246@tarpaulin.shahaf.local2> <20200414123803.2ps5p475l4kiyfmp@chazelas.org> <20200415004403.7a974d63@tarpaulin.shahaf.local2> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20200415004403.7a974d63@tarpaulin.shahaf.local2> X-Mailer-Info: https://www.vinc17.net/mutt/ User-Agent: Mutt/1.12.1+33 (6a74e24e) vl-117499 (2019-06-23) On 2020-04-15 00:44:03 +0000, Daniel Shahaf wrote: > Stephane Chazelas wrote on Tue, 14 Apr 2020 13:38 +0100: [Pathological errors in globbing] > > What's the worst that can happen if it's not handled "properly"? > > Depends on how we handle it, obviously. If we handle it by returning an > error and aborting the current command line, the worst that can happen > is that a command line (or script) would be aborted, whereas currently > it would silently continue execution with wrong data. For instance, one can imagine a script that would fix permissions based on a glob like *(W) before making the directory world-readable. If the error is not reported, some files would be left world-writable and an attack would be possible due to the directory becoming world-readable. With an error, the script would be able to detect the issue or abort (e.g. with "set -e"). -- Vincent Lefèvre - Web: 100% accessible validated (X)HTML - Blog: Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)