4.2 Project: "@file" support
Alexandre Oliva
aoliva@redhat.com
Sat Aug 27 22:12:00 GMT 2005

On Aug 25, 2005, DJ Delorie <dj@redhat.com> wrote:

> If "@string" is seen, but "string" does not represent an existing
> file, the string "@string" is passed to the program as-is.

With the terrible side effect of letting people think their
applications will just work, but introducing the very serious risk of
security problems, leading to, say:

  gcc: dj:yourpassword:1234:567:DJ: invalid argument

instead of

  gcc: @/etc/passwd: invalid argument

Sure this is probably not so much of an issue for GCC (although remote
compile servers are not totally unheard of), but it could easily
become a very serious problem for other applications that might take
filenames from the network and worry about quoting - but not @; those
would then need fixing.

--
Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/
Red Hat Compiler Engineer aoliva@{redhat.com, gcc.gnu.org}
Free Software Evangelist oliva@{lsd.ic.unicamp.br, gnu.org}
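
The fix the message says such applications would need, sketched as an added example; it is not code from this message, from GCC or from libiberty, and the function names are hypothetical. It assumes a caller that passes untrusted filenames as operands to a tool that expands "@file" arguments.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: would "@file" expansion treat this operand as a
   reference to a response file rather than as a plain filename? */
static int is_at_reference(const char *arg) { return arg[0] == '@'; }

/* Return a malloc'd copy of an untrusted filename that is safe to pass
   as an operand.  A name starting with '@' is always a relative path,
   so "./" + name denotes the same file but no longer starts with '@'. */
char *neutralize_filename(const char *name)
{
    size_t len = strlen(name);
    size_t pad = is_at_reference(name) ? 2 : 0;
    char *out = malloc(pad + len + 1);
    if (out == NULL) return NULL;
    memcpy(out, "./", pad);
    memcpy(out + pad, name, len + 1);   /* copies the terminating NUL */
    return out;
}

/* Fill out[0..n-1] with neutralized copies of names[]; return how many
   had to be rewritten, or -1 on allocation failure. */
int neutralize_all(const char *const *names, size_t n, char **out)
{
    int rewritten = 0;
    for (size_t i = 0; i < n; i++) {
        out[i] = neutralize_filename(names[i]);
        if (out[i] == NULL) {
            while (i > 0) free(out[--i]);
            return -1;
        }
        rewritten += is_at_reference(names[i]);
    }
    return rewritten;
}

int main(void)
{
    /* Constructed sample input: filenames as received from a client. */
    const char *const names[] = { "@/etc/passwd", "main.c", "dir/@x" };
    char *safe[3];
    int n = neutralize_all(names, 3, safe);
    for (int i = 0; n >= 0 && i < 3; i++) { puts(safe[i]); free(safe[i]); }
    return n < 0;
}
```

Only a leading '@' is rewritten, since that is the only position the quoted rule inspects; "dir/@x" is left unchanged.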