Re: 8-bit patch for zle_tricky.c

zsh-workers
 help / color / mirror / code / Atom feed

From: Zefram <A.Main@dcs.warwick.ac.uk>
To: hniksic@public.srce.hr
Cc: A.Main@dcs.warwick.ac.uk, hzoli@cs.elte.hu, schaefer@nbn.com,
	zsh-workers@math.gatech.edu
Subject: Re: 8-bit patch for zle_tricky.c
Date: Tue, 21 May 1996 00:36:23 +0100 (BST)	[thread overview]
Message-ID: <7771.199605202336@stone.dcs.warwick.ac.uk> (raw)
In-Reply-To: <199605202308.BAA20042@jagor.srce.hr> from "Hrvoje Niksic" at May 21, 96 01:08:12 am

>Of course. But the point I was trying to make is that not only setuid
>scripts, but also setuid C programs calling system (and thus unintentionally
>invoking sh) can represent security problems. Which is why IFS is used the
>way it is in bash/ksh.

As I said, it *is* possible for a privileged script to be secure.  IMO
it's up to the person writing such scripts to use the methods
available.  We shouldn't disable a feature just to make this easier.  I
think field splitting should be off by default in zsh, but
SH_WORD_SPLIT or some other option should turn it on.  (Maybe
SH_WORD_SPLIT should do field splitting on words, and SH_FIELD_SPLIT
should do the current filed splitting on parameters.)

In any case, this is not a critical issue, and can wait until after 3.0.

-zefram

next prev parent reply	other threads:[~1996-05-21  0:00 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
1996-05-18 11:51 Zefram
1996-05-19 22:34 ` Zoltan Hidvegi
1996-05-20 15:58   ` Zefram
1996-05-20 17:21     ` Zoltan Hidvegi
1996-05-20 17:03       ` Bart Schaefer
1996-05-20 18:36         ` Zoltan Hidvegi
1996-05-20 21:09           ` Zefram
1996-05-20 22:43             ` Hrvoje Niksic
1996-05-20 22:55               ` Zefram
1996-05-20 23:08                 ` Hrvoje Niksic
1996-05-20 23:36                   ` Zefram [this message]
1996-05-20 17:54       ` Zefram
1996-05-20 22:25         ` Hrvoje Niksic
1996-05-20  1:01 ` Zoltan Hidvegi

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=7771.199605202336@stone.dcs.warwick.ac.uk \
    --to=a.main@dcs.warwick.ac.uk \
    --cc=hniksic@public.srce.hr \
    --cc=hzoli@cs.elte.hu \
    --cc=schaefer@nbn.com \
    --cc=zsh-workers@math.gatech.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this public inbox

	https://git.vuxu.org/mirror/zsh/

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).