Ludovic Drolez scribbled on 10/17/06 1:33 AM:
> David L Norris wrote:
>> On Mon, 2006-10-16 at 18:35 -0700, Peter Karman wrote:
>>> I think we might be over-thinking this. If the original issue that stringQuote()
>>> was trying to address was simply that quotes in filenames cause problems, why
>>> not just escape quotes, rather than trying to escape everything suspicious?
> We should escape everything suspicious, because I was able to run a 'rm -rf'
> with a file like this "mynicefilename.pdf;rm -rf /". The same applies to & |
> , and more...
Normally I would agree that escaping everything suspicious is a Good Idea, but I
don't want to in this case and here's why.

Like most things Unix, I think we need to give users enough rope to hang
themselves. If they want to 'rm -rf /' in their FileFilter configuration, I
don't want to stop them. After all, swish-e config files are used for indexing
only, not searching, so there's no chance of unknown users injecting malicious
code into a config file and trashing your system. You control the indexing, you
control the config file. Here's the gun; here's the bullet.

If there are characters like & and ; in your files, well, besides my pity, you
have my encouragement to use something like a pipe through sed or the like in
your FileFilter command to fix those issues. Or better yet, use DirTree.pl and
FileFilter .pdf pdftotext "`echo '%p' | perl -ne \
hey, I know it's ugly. But so is & in a filename. ;)

Having said all that I'm open to having my mind changed. Convince me.
Peter Karman . http://peknet.com/ . peter(at)not-real.peknet.com
Received on Tue Oct 17 20:22:16 2006
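
The thread's two options (escape only quotes, or escape everything suspicious) meet in POSIX single-quoting, where the quote character is the only byte that needs handling. The following is an added example, not code from this thread or from swish-e; `shell_single_quote` is a hypothetical helper name and the sample filenames are constructed, apart from the one quoted in the message above.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not swish-e's stringQuote()): wrap a filename in
 * single quotes for a POSIX shell. Inside single quotes every byte is
 * literal, so ; & | ` $ and spaces lose their meaning. The only byte that
 * needs handling is ' itself, emitted as '\'' (close, escaped quote, reopen).
 * Returns a malloc()ed string the caller frees, or NULL on allocation failure. */
char *shell_single_quote(const char *path)
{
    size_t n = 0, quotes = 0;
    for (const char *p = path; *p; p++, n++)
        if (*p == '\'')
            quotes++;

    /* 2 enclosing quotes + 3 extra bytes per embedded quote + NUL */
    char *out = malloc(n + quotes * 3 + 3);
    if (!out)
        return NULL;

    char *w = out;
    *w++ = '\'';
    for (const char *p = path; *p; p++) {
        if (*p == '\'') {
            memcpy(w, "'\\''", 4);
            w += 4;
        } else {
            *w++ = *p;
        }
    }
    *w++ = '\'';
    *w = '\0';
    return out;
}

int main(void)
{
    /* Constructed sample names, including the one quoted in the thread. */
    const char *names[] = { "mynicefilename.pdf;rm -rf /", "it's & co|x.pdf" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        char *q = shell_single_quote(names[i]);
        if (!q)
            return 1;
        printf("pdftotext %s -\n", q);  /* command line as the shell would see it */
        free(q);
    }
    return 0;
}
```

The quoted result has to be substituted into the command line bare; placing it inside quotes that the command template already supplies changes how the shell parses it.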