
Safename: restricting “dangerous” file names - sciurus
https://lwn.net/Articles/686789/
======
Kristine1975
Restricting users because the software is buggy sounds like the wrong way to
solve the problem.

Not to mention the error handling:

 _Any attempt to create a file name that fails the tests will be rejected with
an EPERM error_

So the user will get a "permission denied" error when trying to save a file
instead of "the file name contained invalid characters, which are...".

~~~
startling
Security isn't about solving problems the right way, it's about reducing
attack surface.

------
tropo
This really ought to be table-driven so that custom tables can be loaded.

For example, what about Unicode normalization? It's enforced on OS X. Maybe I
want to block anything that differs according to normalization form.

I might want to limit characters to 2 accents at most. (this covers
Vietnamese)

I might want only left-to-right characters or LGC characters.

I might want to block confusing look-alike characters, particularly those the
non-ASCII ones that look like ASCII.

~~~
zokier
I was thinking it would be neat if the filenames would be passed through a
eBPF filter. That should cover almost all imaginable usecases.

------
eridal

       mkdir some-test
       cd some-test
       mkdir some-dir
       echo foo > some-dir/some-file
       echo bar > -Rf
       ls -l
       rm *
       ls -l

~~~
voaie
Bash script is a bad choice here.

