[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bizzare bug in find, potential security implications

From: Dale R. Worley
Subject: Re: Bizzare bug in find, potential security implications
Date: Thu, 21 Dec 2017 07:12:30 -0500

Eric Blake <address@hidden> writes:
> POSIX says that regex only has to match characters (in particular, the 
> glob '.' matches characters, not encoding errors).  If you pick a locale 
> with multibyte characters that are subject to encoding errors when 
> processing random bytes (as is the case when using a UTF-8 locale to 
> process single-byte ISO filenames), then POSIX says regex behavior is 
> undefined.

Yes, this is one of those situations where you have to define very
exactly what it is that you're trying to do.  In the case of the OP, the
question is really whether the final four octets of the file name are
'.exe' regardless of what the preceding octets are.  In that case, you
want LC_ALL=C to prevent the software from trying to be clever about
character strings:

$ LC_ALL=C find htdocs -type f -iregex '.*\.exe$'


reply via email to

[Prev in Thread] Current Thread [Next in Thread]