Date: Tue, 28 Nov 2017 20:46:58 -0800 From: Ian Zimmerman <itz@...y.loosely.org> To: oss-security@...ts.openwall.com Subject: Re: Security risk of server side text editing ... On 2017-11-28 21:05, Michael Orlitzky wrote: > Editing a file in-place should not create *another* file in the > current directory with a different name/suffix. I realize that's > subjective, but a lot of (even long time) users will tell you that no > way in hell did they expect that to happen. Maybe, but I think editors have done this from time immemorial. Compare for instance the comments on the limits of locking on p. 456 of Stevens & Rago. -- Please don't Cc: me privately on mailing lists and Usenet, if you also post the followup to the list or newsgroup. To reply privately _only_ on Usenet, fetch the TXT record for the domain.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ