Message22804
A lot of time has passed, and I want to finish this. I propose to do the following:
- Copy the file to .bak, change the file in place: this preserves the file metadata, actually fixing the bug. It does not solve the security problem, but it does not make things worse (actually, this moves the security issue from the original file to the .bak one).
- Add an option -n (--nobackup) so that the program does not make the .bak copy, explicitly saying in the docs that this option is useful if you have security concerns.
- Do not move the functionality to another library: it will be something nice to have, but these security issues will need more thought. Anyway, this goes far beyond this bug.
What do you think?

Date | User | Action | Args
2007-08-23 14:26:55 | admin | link | issue1050828 messages
2007-08-23 14:26:55 | admin | create |
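
The backup-then-rewrite-in-place behaviour proposed in the message above, as an added sketch that is not from the original message or from the program under discussion. The names `rewrite_in_place`, `transform` and `backup` are hypothetical, the sample file is constructed, and a POSIX filesystem is assumed. It shows that the original file keeps its inode and mode bits, while the .bak is a new file carrying a copy of them.

```python
import os
import shutil
import stat
import tempfile


def _read(path):
    with open(path, "r", encoding="utf-8") as f:
        return f.read()


def rewrite_in_place(path, transform, backup=True):
    """Rewrite path with transform(text); return the .bak path or None.

    backup=False models the proposed -n/--nobackup option (hypothetical API).
    """
    original = _read(path)
    updated = transform(original)
    if updated == original:
        return None  # unchanged: no write and no backup
    bak = None
    if backup:
        bak = path + ".bak"
        # copy2 creates a NEW file and copies mode bits and timestamps to it
        shutil.copy2(path, bak)
    # Mode "w" truncates the existing file, so its inode, owner and
    # permission bits stay as they were (no rename, no new file).
    with open(path, "w", encoding="utf-8") as f:
        f.write(updated)
    return bak


def demo():
    """Constructed sample: a tab-indented script with mode 0750."""
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "script.py")
    with open(path, "w", encoding="utf-8") as f:
        f.write("if True:\n\tpass\n")
    os.chmod(path, 0o750)
    before = os.stat(path)
    bak = rewrite_in_place(path, lambda s: s.replace("\t", "    "))
    after = os.stat(path)
    result = {
        "same_inode": before.st_ino == after.st_ino,
        "mode": stat.S_IMODE(after.st_mode),
        "bak_mode": stat.S_IMODE(os.stat(bak).st_mode),
        "bak_text": _read(bak),
        "new_text": _read(path),
    }
    shutil.rmtree(workdir)
    return result
```
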