[Labs-l] [tools] New version of take

Petr Bena benapetr at gmail.com
Sat Jun 22 18:24:12 UTC 2013


resolved.

On Sat, Jun 22, 2013 at 6:07 PM, Petr Bena <benapetr at gmail.com> wrote:
> The issues:
>
> no --verbose, --group, --help, --version, --recursive (it's recursive
> every time, which may not be what the user wants)
>
> no need to implement them, this version already has them and IMHO the
> source code is more structured (it is also written in C++ but it uses
> classes and it's not in 1 file only)
>
> the issues you just pointed out will be quickly resolved...
>
> On Sat, Jun 22, 2013 at 5:50 PM, Marc A. Pelletier <marc at uberbox.org> wrote:
>> On 06/22/2013 09:20 AM, Petr Bena wrote:
>>> More secure
>>
>> If you want, I'll do a complete security review but even at first glance
>> your version is much less secure: you are using path names without
>> holding the directories open, you are not guaranteeing your checks are
>> all on the same object(s), and you have no guards against substitution
>> through a race condition.
>>
>> Any utility of the sort must:
>>
>> (a) take ownership of files whose owning groups you are in
>> (b) only in directories you own
>>
>> Anything else is overbroad and open to abuse in a number of ways.
>>
>> I don't know what issues and requests related to take you refer to, but
>> I'd rather address them with the current scheme.  :-)
>>
>> -- Marc
>>
>>
>> _______________________________________________
>> Labs-l mailing list
>> Labs-l at lists.wikimedia.org
>> https://lists.wikimedia.org/mailman/listinfo/labs-l
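
The descriptor-based pattern the review above asks for, as an added example that is not part of the thread and is not the code of either version of take: the directory is held open, the entry is opened relative to it without following symlinks, and the group check and ownership change are both made on that one open descriptor. The function name `take_at` and its parameters are hypothetical; it assumes the process may open the file for reading and is permitted to change its owner.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Added example. dirfd is a directory the caller opened once and keeps open;
 * name is one entry in it; me and groups[] are the caller's uid and group
 * list (hypothetical parameters). Returns 0, or -1 with errno set. */
int take_at(int dirfd, const char *name, uid_t me,
            const gid_t *groups, size_t ngroups)
{
    struct stat ds, fs;
    int fd, ok = 0, saved;

    /* Accept a single path component only, so lookup stays in dirfd. */
    if (!*name || strchr(name, '/') || !strcmp(name, ".") || !strcmp(name, "..")) {
        errno = EINVAL;
        return -1;
    }
    /* Rule (b): the directory is checked through its descriptor, not a path. */
    if (fstat(dirfd, &ds) < 0)
        return -1;
    if (!S_ISDIR(ds.st_mode) || ds.st_uid != me) {
        errno = EPERM;
        return -1;
    }
    /* Bind the name to one object; a symlink in its place fails with ELOOP. */
    fd = openat(dirfd, name, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_NOCTTY);
    if (fd < 0)
        return -1;
    /* Rule (a): fstat() and fchown() act on the same open object. */
    if (fstat(fd, &fs) < 0)
        goto out;
    errno = EPERM;
    if (!S_ISREG(fs.st_mode) && !S_ISDIR(fs.st_mode))
        goto out;
    for (size_t i = 0; i < ngroups; i++)
        if (groups[i] == fs.st_gid)
            ok = 1;
    if (ok && fchown(fd, me, (gid_t)-1) < 0)
        ok = 0;
out:
    saved = errno;
    close(fd);
    errno = saved;
    return ok ? 0 : -1;
}
```

A recursive caller would pass the descriptor of each subdirectory it has already checked as the next `dirfd`, so no path string is resolved a second time.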


