| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <f775f497043e4e88a23a980c23d744b1@AcuMS.aculab.com>
Date: Thu, 14 Feb 2019 09:50:39 +0000
From: David Laight <David.Laight@...LAB.COM>
To: "'Tobin C. Harding'" <me@...in.cc>
CC: "'Tobin C. Harding'" <tobin@...nel.org>,
"kernel-hardening@...ts.openwall.com"
<kernel-hardening@...ts.openwall.com>,
Tycho Andersen <tycho@...ho.ws>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: RE: [PATCH 3/3] leaking_addresses: Expand tilde in output file name
From: Tobin C. Harding
> Sent: 13 February 2019 20:31
>
> On Wed, Feb 13, 2019 at 03:56:47PM +0000, David Laight wrote:
> > From: Tobin C. Harding
> > > Sent: 07 February 2019 22:50
> > >
> > > Currently if user passes an output file to the script via
> > > --output-raw we do not handle expansion of tilde.
> > >
> > > Use perl function glob() to expand tilde in output file name.
> >
> > What happens if glob() returns multiple files?
> > I'm guessing that it can...
>
> Thanks for taking a look at this David. Surely glob() cannot return
> multiple values when expanding tilde? If someone passes a '*' into the
> command as an input/output file then they are clearly mad :)
Yes, but the perl script will go horribly wrong.
Actually, how do they get a ~ in there?
Whatever shell generated perl's argv[] would be expected to handle it.
David
-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)
Powered by blists - more mailing lists