[PATCH 10 of 14] chg: calculate sockdirfd
Yuya Nishihara
yuya at tcha.org
Thu Apr 14 10:47:32 EDT 2016
On Wed, 13 Apr 2016 17:50:57 +0100, Jun Wu wrote:
> On 04/13/2016 04:07 PM, Yuya Nishihara wrote:
> > I still think we should avoid unnecessary path manipulation because we have
> > to be careful about pitfalls such as CHGSOCKNAME="/silly/basename/..".
> > That's why I prefer CHGSOCKDIR.
>
> I still prefer the flexibility. People using ".." should know what they are
> doing. I don't think it necessary to prevent people using developer-facing
> features from doing wrong. Things like "rm -rf ~" are not protected.

Then why do you check basename[0] == '\0'?

I don't like being loose for processing paths because it tends to be a security
bug. I know that's okay right now, but can you be sure that basename = ".."
will never ever trap someone who has to modify this function?

Also, I don't see how beneficial it is to allow putting all sockets into
a single directory.
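
The pitfall discussed in this message, as an added example (not code from the patch or from chg): a hypothetical `split_sockname` helper that splits a socket path into a directory to open and a name to use inside it, rejecting basenames that are not plain file names. The function name, the buffer handling and every sample path other than `/silly/basename/..` are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not chg's code): split a socket path into the
 * directory to open and the name to use relative to that directory.
 * Returns 0 on success, -1 if the path cannot be split safely. */
static int split_sockname(const char *sockname, char *dir, size_t dirsize,
                          const char **base)
{
	const char *slash = strrchr(sockname, '/');
	const char *name = slash ? slash + 1 : sockname;
	size_t dirlen;

	/* An empty name ("/tmp/chg/") is the directory itself; "." and ".."
	 * are directory links too, and ".." resolved relative to the opened
	 * directory lands in its parent, outside the socket directory. */
	if (name[0] == '\0' || strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
		return -1;

	if (!slash) {                   /* "server" -> dir "." */
		sockname = ".";
		dirlen = 1;
	} else if (slash == sockname) { /* "/server" -> dir "/" */
		dirlen = 1;
	} else {
		dirlen = (size_t)(slash - sockname);
	}
	if (dirlen >= dirsize)
		return -1;                  /* would not fit, refuse to truncate */
	memcpy(dir, sockname, dirlen);
	dir[dirlen] = '\0';
	*base = name;
	return 0;
}

int main(void)
{
	/* Constructed sample values; the first is the one from the thread. */
	const char *samples[] = { "/silly/basename/..", "/tmp/chg/", "/tmp/chg/.",
	                          "/tmp/chg/server", "/server", "server" };
	char dir[256];
	const char *base;
	size_t i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		if (split_sockname(samples[i], dir, sizeof(dir), &base) == 0)
			printf("%-20s dir=%s base=%s\n", samples[i], dir, base);
		else
			printf("%-20s rejected\n", samples[i]);
	}
	return 0;
}
```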