Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10 5/3/83; site utcsstat.UUCP Path: utzoo!utcsrgv!utcsstat!ian From: ian@utcsstat.UUCP Newsgroups: net.unix-wizards Subject: re: funny characters in filenames Message-ID: <801@utcsstat.UUCP> Date: Thu, 28-Jul-83 19:04:59 EDT Article-I.D.: utcsstat.801 Posted: Thu Jul 28 19:04:59 1983 Date-Received: Thu, 28-Jul-83 22:50:24 EDT Organization: U. of Toronto, Canada Lines: 42 Reference: <317@packet.UUCP> Background: I have a program that generates a map of the Unix filesystem and then passes part of that map along to another program. For various reasons I did this by generating a string of the form ' ...' and giving it to system(). I learned very early in the process all about control characters and white space (ingres is REAL good at putting spaces in filenames... *sigh*) and to quote out those names, but last week someone really pulled a winner and put a file named 'foo;init;bar' onto the system (actually, it had been there but the program finally went after it for the first time). The system proceeded to parse this as ' ... foo ; init ; bar ...' and since the program runs as root, it proceeded to start a second init, run /etc/rc, and all that neat stuff. Foreground: the fix on this specific problem is simple. I expanded the quoting mechanism for control characters and things to all files. This means that it takes more system calls to do the same work, but it is much safer. It doesn't solve the problem, however. I really believe that there either needs to be a way to run the shell without any parsing or Un*x needs to restrict the use of some of its more dangerous characters (such as control characters, spaces, and the set [*;./{}] from being used as a file name on the system. How many times have you had to help someone access a file that had a wierd character in it? From what I have seen, they create many more problems than they solve..... The fix is more powerful than you can imagine. Just quote every file name that you pass to the shell, with the single quote character. The shell will not expand characters which are quoted thusly. For example, rm '*' (remove quote star quote) will remove a file whose name consists of an asterisk, rather than all the files in your directory. I just tried it on a fairly standard V7 system. I think it's unfair to say that UNIX did it to you again. I think you did it to yourself this time. Ian F. Darwin, Toronto utcsstat!ian