Web lists-archives.com

Re: [bug] coreutils: potentially dangerous: $(realpath //) != /




On 2018-03-15 01:11, Thomas Wolff wrote:
> Am 14.03.2018 um 11:58 schrieb Mikhail Usenko via cygwin:
>> On Mon, 12 Mar 2018 20:43:13 -0500
>> Eric Blake <...> wrote:
>>> Just because Linux has taken the stance that their documented definition
>>> of // is "synonym for /" does NOT mean that ALL POSIX systems have taken
>>> the same approach; Cygwin has taken the approach that "// is documented
>>> to be the root of network access points, distinct from /".
>>>
>>> POSIX allows leeway between implementations; this is one of those
>>> documented places where they differ, yet are still both POSIX compliant
>>> with their different choices.  If your script is not robust to what
>>> POSIX has already warned you about, fix your script.

>> If you really claims that Cygwin may and should be different and distinct
>> from all other existing POSIX systems (the more so that it is allowed by
>> POSIX),
> which is not the case. There are other systems where // is the network root.
>> then it would probably be more obvious and clear to say this at the very 
>> beginning, e.g. "Get that Linux feeling (with all those differences and
>> distinctions) - on Windows"
> Considering that due to the limitations of being embedded in Windows, Cygwin
> cannot always perfectly mimic either Linux or POSIX systems, I personally prefer
> the more generic approach to define POSIX as its model.

It's comforting to know that if a script arg is supplied as / and used as the
target of rmdir $v/ or rm -rf $v/..., it won't do anything.
(Although any such args should always be canonicalized, then checked to ensure
they are not, whether deliberately or inadvertently, null, $PWD or any prefix,
/, or other significant standard paths.)

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple