Re: PATCH: dynamic named directories

[Peter Stephenson <pws@xxxxxxx>]

Bart Schaefer wrote:
> Only maybe without the corresponding gaping security hole.
> 
> } -			    doshfunc(shfunc, l, 0, 1);
> } +			    doshfunc(shfunc, l, 1);
> 
> Are you sure this is still equivalent to the old way?  Looks like here
> [and in several similar places] doshfunc() was being explicitly told to
> ignore shfunc->node.flags, whereas with your change it will always pay
> attention to them.

The flags in question are PM_UNDEFINED and PM_TAGGED.  The former is
just used to decide whether to set a script name (don't ask me why, but
it looks like an internal consistency matter rather than anything
user-visible); the latter to do tracing by setting XTRACE.  Hence I
don't think it's a security hole.  I suspect that 0 was being passed in
a lot of cases simply because the caller couldn't be bothered to keep
the flags around, which was what was happening even with the function
name in some cases before I changed the interface to pass in the shell
function rather than the code within it.

(By the way, I wonder if, for functions where tracing has been
requested, it would be a good idea if "emulate" didn't turn it off
again...)

-- 
Peter Stephenson <pws@xxxxxxx>                  Software Engineer
CSR PLC, Churchill House, Cambridge Business Park, Cowley Road
Cambridge, CB4 0WZ, UK                          Tel: +44 (0)1223 692070