From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Joseph D. Wagner" <theman@josephdwagner.info>
Subject: RE: RFC: Illegal Characters in File Names
Date: Tue, 20 Jul 2004 22:26:25 -0500
Sender: linux-fsdevel-owner@vger.kernel.org
Message-ID: <S266522AbUGUD0f/20040721032635Z+698@vger.kernel.org>
References: <40FDB035.1050000@it.swin.edu.au>
Mime-Version: 1.0
Content-Type: text/plain;
	charset="utf-8"
Content-Transfer-Encoding: 8BIT
Cc: "'Guy'" <bugzilla@watkins-home.com>, "'Jan Hudec'" <bulb@ucw.cz>,
	"'Bryan Henderson'" <hbryan@us.ibm.com>,
	<linux-fsdevel@vger.kernel.org>
Return-path: <linux-fsdevel-owner@vger.kernel.org>
Received: from ssa8.serverconfig.com ([209.51.129.179]:2955 "EHLO
	ssa8.serverconfig.com") by vger.kernel.org with ESMTP
	id S266522AbUGUD0f convert rfc822-to-8bit (ORCPT
	<rfc822;linux-fsdevel@vger.kernel.org>);
	Tue, 20 Jul 2004 23:26:35 -0400
To: "'John Newbigin'" <jn@it.swin.edu.au>,
	<viro@parcelfarce.linux.theplanet.co.uk>
In-Reply-To: <40FDB035.1050000@it.swin.edu.au>
List-Id: linux-fsdevel.vger.kernel.org

>> Mind showing the sequence that would achieve that?

> http://www.kb.cert.org/vuls/id/230561
> http://www.digitaldefense.net/labs/papers/Termulation.txt
> Read this page ^^^^ !!!!
> 
> These are poor protocols which were not designed for security :(
> 
> It is a real problem.  The solution is to fix the terminal though, not
> the filesystem.

The problem with fixing only the terminal is that there's more than one program that can be used for accessing a file name.  By your logic, we should also "fix" every single program that can access a file name.

I think it should be fixed in both places.

To use an analogy, I want to put a deadbolt on a door, but you don't want me to because the door is already locked.  Sure, the door is locked, but we'd all be better off if it had a deadbolt, too.

Joseph D. Wagner