Re: Variations 0.41c and renaming files to camera date

On 23 Jan 2008 Paul Vigay <invalid-email-address@xxxxxxxxxxxxxxxxxxxx>
wrote:

In a dim and distant universe <MPG.22008bedf1519c3e9897ed@xxxxxxxxxxxxxxxx>,
Greg Harris <greg@xxxxxxxxxxxxxxxxxx> enlightened us thusly:

Agreed that RISCOS 'prohibits' the use of spaces but the majority of the
rest of the world does not.

A space in filenames is a really bad idea (possibly not actually forbidden
per se, but no one but a complete idiot would use them) because a space
will confuse many operating systems (such as Linux and Mac OS X) who expect
a space to delimit additional parameters, and if you forget to specify
filename delimiters such as " marks around the name with spaces in it, you
can run into all kinds of problems where the name becomes the parameters of
the command you're running.

Windows makes a complete pigs ear of implementing spaces in filenames,
which shouldn't really come as a surprise. Because it uses spaces
between parameters, and allows spaces in filenames, and doesn't have
strict rules on applying quote marks or escaping spaces, it doesn't
know what its doing and has to guess. Take for example this command
line:-

C:\Program Files\A program.exe C:\Documents and Settings\Myfile

The way it has to work out this mess is to try each space delimited
field separately to see if it is a file, and if it doesn't exit try to
coalesce the subsequent parts. So above it tries the following:-

"C:\Program Files\A" - doesn't exist
"C:\Program Files\A program.exe" - exists so use as program
"C:\Documents" - doesn't exist
"C:\Documents and" - doesn't exist
"C:\Documents and Settings\Myfile" - exists so use as argument

You can see the massive security hole this exposes, allowing the
system to be compromised by creating files with the intermediate names
it looks for. Even ignoring that, given there are normally several
more levels of directories in real pathnames, the huge number of file
accesses it needs just to work out the command line, compared to just
2 which would be used if things were done properly.

Another reason why we've got away with running RISC OS with a couple
of hundred MHz, where as the Windows world needs several cores of
multi GHz just to get by.

---druck

--
The ARM Club Free Software - http://www.armclub.org.uk/free/
The 32bit Conversions Page - http://www.quantumsoft.co.uk/druck/
.

Relevant Pages

  • Re: How do I unlock FILE access?
    ... But the Del command refused to recognize ANY long filenames. ... Then I went back and tried rebooting the computer AGAIN... ... and in the Windows Accessories menu lists Command ...
    (microsoft.public.excel.misc)
  • Re: Compressing folders in Windows using Python.
    ... >> I'm trying to zip a particular fiolder and place the zipped folder into ... >> But when I run this script in Windows XP, ... >> executing the above zip command. ... Something else to watch for -- Spaces in filenames. ...
    (comp.lang.python)
  • Re: How do I unlock FILE access?
    ... short filenames will display with the dir command with dir /x. ... Command Line Help with /? ... >> /regserver command line switch AND rebooting the computer, ... and in the Windows Accessories menu lists Command ...
    (microsoft.public.excel.misc)
  • Re: [Perl 5.8.8 on WinXP] Command line usage
    ... Perl won't do an in-place edit successfully on a Windows system. ... It is the command shell on Unix systems that expands the wildcard ... This command prints the list of filenames on the console, and the dos command dir accepts wildcards, then the perl program could do anything with those files, like opening them, modifying.... ...
    (perl.beginners)
  • RE: Generic way to exploit an insecure /tmp file creation - Red Hat 7,8,9 (Re: Red Hat 9: free tick
    ... Perl has Taint mode to enforce this (well, ... command that invokes a sub-shell, nor in any command that modifies files, ... > data like filenames, ... Hopefully someone notified the Logwatch people... ...
    (Vuln-Dev)