[kaffe] fastjar security issue
Dalibor Topic
robilad at kaffe.org
Mon Mar 27 16:42:08 PST 2006
On Tue, 2006-03-28 at 02:28 +0200, Dalibor Topic wrote:
> Thanks! I'd recommend using realpath or canonicalize_file_name, if
> available, to do the canonicalisation, rather than writing one's own
> function, though. See
> http://www.gnu.org/software/libc/manual/html_node/Symbolic-Links.html#Symbolic-Links
> for a description.
>
> I guess you could then simply chop the first char off if it is a file
> separator. I am not sure what the POSIX-y way to find out the file
> separator char/string is, though.
>
> Just slashing '/'s may not work so well on systems where '\' is the
> directory separator, like win32. So I'd recommend going with realpath or
> canonicalize_file_name.
Turns out that joerg already thought about it and recommends against it:
http://article.gmane.org/gmane.os.netbsd.devel.packages/24746/match=netbsd+fastjar
so yeah, please go ahead and check it in.
cheers,
dalibor topic
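
Added example, not part of the original thread and not fastjar's own code: a hand-written, purely lexical canonicaliser of the kind the message weighs against realpath. It assumes the goal is to keep an archive entry name below the extraction directory; the name sanitize_entry_name and the choice to treat both '/' and '\' as separators are assumptions.

```c
#include <stddef.h>
#include <string.h>

/* Assumption: '/' and '\\' both count as separators (POSIX and win32). */
static int is_sep(char c) { return c == '/' || c == '\\'; }

/* Hypothetical helper: lexically normalise an archive entry name into out.
 * Leading separators, empty components and "." are dropped; ".." removes
 * the previous component. Returns 0 on success, -1 if the name climbs
 * above the root, normalises to nothing, or does not fit in out. */
int sanitize_entry_name(const char *name, char *out, size_t outsz)
{
    size_t len = 0;                     /* bytes written to out so far */
    const char *p = name;

    if (outsz == 0)
        return -1;
    out[0] = '\0';
    while (*p) {
        const char *start;
        size_t n;
        while (is_sep(*p))              /* leading or repeated separators */
            p++;
        start = p;
        while (*p && !is_sep(*p))
            p++;
        n = (size_t)(p - start);
        if (n == 0 || (n == 1 && start[0] == '.'))
            continue;                   /* empty or "." component */
        if (n == 2 && start[0] == '.' && start[1] == '.') {
            if (len == 0)
                return -1;              /* ".." with nothing left to pop */
            while (len > 0 && out[len - 1] != '/')
                len--;                  /* drop the last component */
            if (len > 0)
                len--;                  /* and the '/' before it */
            out[len] = '\0';
            continue;
        }
        if (len + (len ? 1 : 0) + n + 1 > outsz)
            return -1;                  /* would overflow out */
        if (len)
            out[len++] = '/';
        memcpy(out + len, start, n);
        len += n;
        out[len] = '\0';
    }
    return len ? 0 : -1;
}
```

The function never touches the filesystem, so it works on names of files that do not exist yet and does not follow symbolic links.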