Re: du --files-from feature request

bug-coreutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: du --files-from feature request

From:	Eric Blake
Subject:	Re: du --files-from feature request
Date:	Sat, 06 Dec 2008 08:06:57 -0700
User-agent:	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.18) Gecko/20081105 Thunderbird/2.0.0.18 Mnenhy/0.7.5.666

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

According to Aaron Peterson on 12/6/2008 2:16 AM:
> Wow, You guys seem to really care.
> 
>  6.10 is the version of du  that I'm using. (Ubuntu Ibex)

6.12 is the latest stable version, and 7.0 is also available for testing.

> So, I understand that newline /CR is a complicated way to delimit
> lists  lists because of system variations, but did somebody tackle
> this by determining what the (possibly multi byte) newline sequence is
> and make a --from-files work?

We tend not to worry too much about CR as line terminators, because that
is not the POSIX way.  The coreutils are not consistent on how CR is
handled.  On the other hand, we are not adverse to easy-to-maintain
patches that makes life more portable on platforms with CR problems (for
example, I've had a low-priority item on my todo list to escape CR as \r
in md5sum output).

But back to your question about recognizing newline-separated lists: using
newline to delimit file lists is inherently insecure, because newline is a
valid filename character.  Someone can intentionally name a file
$'/tmp/oops\n/bin', and if a careless sysadmin does
'ls /tmp | xargs rm -rf', then they just nuked /bin.  We don't have any
plans on adding --from-files that takes newline separated entries, because
there is no point adding security holes.  The only valid option is
- --from-files0 (although, the way getopt works, you can use unambiguous
abbreviations, so --from-files is shorthand for --from-files0, meaning
that you still plan on using NUL terminators rather than newline terminators).

- --
Don't work too hard, make some time for fun as well!

Eric Blake             address@hidden
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Cygwin)
Comment: Public key at home.comcast.net/~ericblake/eblake.gpg
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkk6lREACgkQ84KuGfSFAYBJ+wCgtBSykq30IYgIncRICpxUk/g8
bngAn1XrEv4EiZkcwsbxzkAiMRp8nPj2
=ufvP
-----END PGP SIGNATURE-----

[Prev in Thread]

Current Thread

[Next in Thread]

Re: du --files-from feature request, Jim Meyering, 2008/12/01
- Re: du --files-from feature request, Pádraig Brady, 2008/12/01
  - Re: du --files-from feature request, Jim Meyering, 2008/12/01
    - Re: du --files-from feature request, Pádraig Brady, 2008/12/01
    - Re: du --files-from feature request, Pádraig Brady, 2008/12/01
  - Re: du --files-from feature request, Ralf Wildenhues, 2008/12/03
- Re: du --files-from feature request, Andreas Schwab, 2008/12/01
  - Re: du --files-from feature request, Jim Meyering, 2008/12/13
- Re: du --files-from feature request, Aaron Peterson, 2008/12/06
  - Re: du --files-from feature request, Eric Blake <=
    - Re: du --files-from feature request, Eric Blake, 2008/12/06
    - Re: du --files-from feature request, Aaron Peterson, 2008/12/06
    - Re: du --files-from feature request, Bob Proulx, 2008/12/06
    - Re: du --files-from feature request, Eric Blake, 2008/12/06
    - Message not available
    - Re: du --files-from feature request, Eric Blake, 2008/12/07
    - Re: du --files-from feature request, Aaron Peterson, 2008/12/07
    - Re: du --files-from feature request, Eric Blake, 2008/12/07

Prev by Date: Re: du --files-from feature request
Next by Date: Re: du --files-from feature request
Previous by thread: Re: du --files-from feature request
Next by thread: Re: du --files-from feature request
Index(es):
- Date
- Thread