Reply to post: You've made me rant now..

Oh SNAP! Old-school '80s Unix hack to smack OSX, iOS, Red Hat?

Jamie Jones Silver badge
Flame

You've made me rant now..

Firstly, I'm not one of those who will blindly defend UNIX, and downvote anyone who dares criticise it (even if they have a valid point) but I'm sorry, this is absolute bollocks.

"Since this bug originates from a design problem it will be very interesting on how operating system vendors address this problem. It is something you cannot fix with a simple patch. The way on how the system interacts with files has to be completely redesigned," SEC Consult writes.

Seriously, what is their agenda? As others have pointed out, this has been known by any half-competent UNIX user for ages. There is no OS level bug to fix.

No UNIX system needs to be completely redesigned (and if it was a real problem, it would only be the SHELL and its globbing that would need to be 'fixed' - this has bugger all to do with the way the 'system' (kernel, compiled executables etc.) works).

As has already been mentioned here, any fault solely lies within buggy crappy programs ("buggy crappy programs holding hands" *cough* /coat) and they can be fixed without needing to make any changes to the UNIX kernel, userland, or even the bloody shell.

TO BE FAIR.....

It can be argued that the fact that the way globbing works makes it easy for incompetent shell programs to screw up is at best unfortunate.

Indeed, there are many who argue that kernels should not allow files to exist which start with a '-', or contain spaces, newlines, tabs, various binary characters etc...

But, all competent UNIX programmers know that filenames can contain *ANY* value from the 256 in a byte, apart from ASCII '/' and NUL, and therefore code appropriately.

This flexibility may be a curse to some, but it can be useful to proper programmers (after all, why should a program written in C be restricted from storing files with 'special' characters just because some badly written shell scripts can't cope? -- especially as some of these systems will be storing files that NEVER need to be accessed from the shell).

Yes, this has been known for years. Just like SQL injection, and other problems, you simply need programmers who know what they are doing, without forcing syntax restrictions on them to appease the stupid.

There is a very well written website that describes these issues (and it itself has been around for years):

http://www.dwheeler.com/essays/fixing-unix-linux-filenames.html

Well worth a read, but to be blunt, anyone who is surprised at what it says shouldn't be bloody programming shell scripts to be consumed anywhere other than their home computer in the first place.

/rant
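
The comment's point that a filename may hold any byte except '/' and NUL, and may start with '-', shown as a shell sketch. This is an added example, not part of the original comment; the filenames are constructed and the function names are hypothetical. A line-based count is compared with a quoted glob loop, and removal uses `./` plus `--` so a name like `-rf` is handled as a file.

```shell
#!/bin/sh
# Added example with constructed filenames; function names are hypothetical.

# Create a scratch directory with names that trip up naive scripts.
make_fixture() {
    dir=$(mktemp -d) || return 1
    : > "$dir/-rf"              # leading dash: looks like an option
    : > "$dir/two words.txt"    # embedded space: splits if unquoted
    : > "$dir/line
break.txt"                      # embedded newline: breaks line-based parsing
    : > "$dir/plain.txt"
    printf '%s\n' "$dir"
}

# Fragile: assumes one name per output line, so the newline name counts twice.
count_fragile() {
    echo $(( $(find "$1" -type f | wc -l) ))
}

# Robust: the shell hands over each glob match as one word, whatever bytes it holds.
count_robust() {
    n=0
    for f in "$1"/*; do
        [ -e "$f" ] || continue     # an unmatched glob is left as literal text
        n=$((n + 1))
    done
    echo "$n"
}

# Robust: "./" keeps every match from starting with "-", and "--" ends option
# parsing, so the file named "-rf" is treated as a file and nothing else.
remove_entries() {
    ( cd "$1" && rm -f -- ./* )
}

demo() {
    d=$(make_fixture) || return 1
    echo "fragile count: $(count_fragile "$d")"
    echo "robust count:  $(count_robust "$d")"
    remove_entries "$d"
    echo "left after removal: $(count_robust "$d")"
    rmdir "$d"
}
demo
```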
