Re: Bug#149454: uudecode bug (?)

[martin f krafft]

also sprach Paul Eggert <address@hidden> [2002.07.09.1415 +0200]:
> The same reason it is not a security bug if "sh" does follow symlinks.
> You can't trust shar files; nor can you trust uuencoded files.  If you
> are given an untrustworthy file to uudecode and do not wish to inspect
> it, you should always invoke uudecode with the -o option.
> 
> POSIX 1003.1-2001 requires that uudecode must overwrite existing files
> rather than removing them.  This includes following symbolic links to
> existing files.  For details, please see:
> <http://www.opengroup.org/onlinepubs/007904975/utilities/uuencode.html>.

thanks for your time and explanation. you should know that i am really
just a proxy in this debate, and while i usually try to be a 'caching'
proxy in such cases, i myself don't yet understand your point fully.

do you mean that POSIX differentiates between overwriting and
replacing? i'd define the first as inode preserving, the second as
creating a new inode while dropping the old.

i did read the URL you posted, as well as the uudecode.html file, and
it does mention overwrite rather than replace. given that and the
posix definition, i am willing to argue that uudecode doesn't contain
a bug wrt the standard.

nevertheless, i still don't see the rationale behind this behaviour.
if you do have a spare minute, would you mind ensuring that i grasp
just why uudecode must overwrite while tar replaces?

-- 
martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; address@hidden
  
today, i will gladly share my experience and advice,
for there are no sweeter words than "i told you so."

pgpO1sVbGi6nq.pgp
Description: PGP signature