This is the mail archive of the
libc-alpha@sources.redhat.com
mailing list for the glibc project.
Re: getopt() argument permuting considered risky
- From: Geoff Clare <geoff at gclare dot org dot uk>
- To: Roland McGrath <roland at redhat dot com>
- Cc: Michael T Kerrisk <mtk-lists at gmx dot net>, Paul Eggert <eggert at CS dot UCLA dot EDU>, libc-alpha at sources dot redhat dot com
- Date: Wed, 4 Aug 2004 21:02:55 +0100
- Subject: Re: getopt() argument permuting considered risky
- References: <24758.1091647870@www15.gmx.net> <200408041938.i74Jc4aa025237@magilla.sf.frob.com>
Roland McGrath <roland@redhat.com> wrote, on 04 Aug 2004:
>
> > I don't have any broken scripts. The whole point of this note was
> > to raise what looks like a security risk when porting scripts and
> > programs.
>
> Put POSIXLY_CORRECT in your environment if you want to run portable scripts.
> Then the system conforms to POSIX. That's what the standard is for.
The problem is that many people porting scripts from Unix systems to
glibc-based systems are likely to be unaware of this difference in
getopt(), and therefore unaware of the need to set POSIXLY_CORRECT to
protect against the risk that it creates. (Until something breaks.)
In my view a much better way to handle this extension would be for
the default behaviour to be as per the standard, and for there to
be an environment variable such as GNU_GETOPT_PERMUTING which can be
set to enable the extension when it is wanted.
Regards,
Geoff Clare.