cvs commit: src UPDATING src/include fts.h src/lib/libc/gen Makefile.inc Symbol.map fts-compat.c fts-compat.h fts.3 fts.c src/sys/sys param.h
Tim Kientzle
kientzle at freebsd.org
Sat Jan 26 23:55:02 PST 2008
Yar Tikhiy wrote:
> Our fts(3) API, as inherited from 4.4BSD, suffers from integer
> fields in FTS and FTSENT structs being too narrow. In addition,
> the narrow types creep from there into fts.c. As a result, fts(3)
> consumers, e.g., find(1) or rm(1), can't handle file trees an ordinary
> user can create, which can have security implications.
Kudos! It's about time we fixed this. The inability
of 'rm' to clean up my test trees for libarchive has
become a bit tiresome. ;-)
Tim Kientzle
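
The kind of truncation the quoted commit message describes, as an added example that is not part of this message or of the FreeBSD source. The struct names, field names, the 16-bit width and the tree dimensions are assumptions chosen for illustration; the message does not list the actual fields or their types.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical entry with a 16-bit path length: a "too narrow" field. */
struct narrow_ent { uint16_t pathlen; };
/* The same entry with a field wide enough for any in-memory path. */
struct wide_ent { size_t pathlen; };

/* Descend `depth` levels, each adding "/" plus a name of `namelen` bytes.
 * Every store silently reduces the running length modulo 65536. */
static uint16_t descend_narrow(size_t depth, size_t namelen)
{
    struct narrow_ent e = { 0 };
    for (size_t i = 0; i < depth; i++)
        e.pathlen = (uint16_t)(e.pathlen + namelen + 1);
    return e.pathlen;
}

/* Same walk with a wide field and an explicit overflow check.
 * Returns 0 on success, -1 if the length cannot be represented. */
static int descend_wide(size_t depth, size_t namelen, size_t *out)
{
    struct wide_ent e = { 0 };
    for (size_t i = 0; i < depth; i++) {
        if (namelen >= SIZE_MAX - e.pathlen) /* namelen + 1 would wrap */
            return -1;
        e.pathlen += namelen + 1;
    }
    *out = e.pathlen;
    return 0;
}

int main(void)
{
    /* Constructed tree: 300 nested directories with 255-byte names. */
    size_t wide = 0;
    unsigned narrow = descend_narrow(300, 255);
    if (descend_wide(300, 255, &wide) != 0)
        return 1;
    printf("real path length:  %zu\n", wide);
    printf("16-bit field says: %u\n", narrow);
    return 0;
}
```

Any code that trusts the narrow value to index or terminate the path buffer then works on the wrong offset, which is how a tree traversal used for cleanup or scanning can miss or mishandle deep entries.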
More information about the cvs-src mailing list