From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 10527 invoked from network); 7 Jan 2009 23:22:42 -0000 X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on f.primenet.com.au X-Spam-Level: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00 autolearn=ham version=3.2.5 Received: from news.dotsrc.org (HELO a.mx.sunsite.dk) (130.225.247.88) by ns1.primenet.com.au with SMTP; 7 Jan 2009 23:22:42 -0000 Received-SPF: none (ns1.primenet.com.au: domain at sunsite.dk does not designate permitted sender hosts) Received: (qmail 23847 invoked from network); 7 Jan 2009 23:22:36 -0000 Received: from sunsite.dk (130.225.247.90) by a.mx.sunsite.dk with SMTP; 7 Jan 2009 23:22:36 -0000 Received: (qmail 13961 invoked by alias); 7 Jan 2009 23:22:30 -0000 Mailing-List: contact zsh-workers-help@sunsite.dk; run by ezmlm Precedence: bulk X-No-Archive: yes X-Seq: 26255 Received: (qmail 13943 invoked from network); 7 Jan 2009 23:22:29 -0000 Received: from bifrost.dotsrc.org (130.225.254.106) by sunsite.dk with SMTP; 7 Jan 2009 23:22:29 -0000 Received: from fg-out-1718.google.com (fg-out-1718.google.com [72.14.220.158]) by bifrost.dotsrc.org (Postfix) with ESMTP id 98070802720C for ; Thu, 8 Jan 2009 00:22:26 +0100 (CET) Received: by fg-out-1718.google.com with SMTP id e21so2972875fga.37 for ; Wed, 07 Jan 2009 15:22:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:cc:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references; bh=eiYupLihkioaEIFRs5actPk+XEty4w2SuWiOKoFchCs=; b=Q0h8CuIjjXxsJ3LkSoEjmkbESiITj4KmQDANQ8o3hfbX3r8IRj2+omwuyrbFUj9NiN 5gPu5/RwbH8uFYpHH5f+8MFw5byriQFiFKDOPZ3+wIwdVvjrL+T3op2RGVPuPOZ9uVsC fWqUKrEeUkFQ3Y4KsOIxMyigB994ihZDNJgP0= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references; b=JQ8YVy1U1/LSqAJyAxASIpenn487crodfew5izIkE3mYZxQWgnwc2qJWS8UuBigT1D VKIoP6hvmYreANWjCVWFjmMEhcfPRNiuhyTPEZbjbdnG9qT7z+zPLljVyrjxSa/JFXj2 FMrYR4r78Yz3hGbwTUDTkjnoRnc7B2567wUzU= Received: by 10.86.86.12 with SMTP id j12mr13842707fgb.33.1231370546134; Wed, 07 Jan 2009 15:22:26 -0800 (PST) Received: by 10.86.62.8 with HTTP; Wed, 7 Jan 2009 15:22:26 -0800 (PST) Message-ID: <2d460de70901071522p6f184863id7c2c9820fed87de@mail.gmail.com> Date: Thu, 8 Jan 2009 00:22:26 +0100 From: "Richard Hartmann" To: "Peter Stephenson" Subject: Re: Bug in executable completion: unable to handle .. it $PATH Cc: "Zsh Workers" , 162291@bugs.debian.org In-Reply-To: <200901072049.n07Kn8WT013885@pws-pc.ntlworld.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <090107121819.ZM27726@torch.brasslantern.com> <200901072049.n07Kn8WT013885@pws-pc.ntlworld.com> X-Virus-Scanned: ClamAV 0.92.1/8842/Wed Jan 7 15:06:50 2009 on bifrost X-Virus-Status: Clean On Wed, Jan 7, 2009 at 21:49, Peter Stephenson wrote: > Since the path is still absolute I don't see how this could effect > security, either, except maybe at second hand... if you sanitized the > early part of the path but didn't look for "..", so the component could > end up pointing out of that area, for example. But that doesn't seem to > me to be the shell's problem. I am trying to construct a scenario with softlinks, but I don't think is hurting here either. In any case, thanks for fixing this :) Richard