In a world with security concerns, can anything be complete?

detaro · on Sept 26, 2022

yes. (especially but not only on mobile, where the platform is responsible for a lot of it)

Security concerns are very clustered around limited attack surface, that many apps just don't have.

hmcamp · on Sept 26, 2022

Yes. The ls Unix command.

Aissen · on Sept 27, 2022

Here are a few implementations that did not get the memo:

coreutils ls: https://git.savannah.gnu.org/cgit/coreutils.git/log/src/ls.c

freebsd ls: https://github.com/freebsd/freebsd-src/commits/927f8d8bbbed7...

busybox ls: https://git.busybox.net/busybox/log/coreutils/ls.c

openbsd ls: https://github.com/openbsd/src/commits/master/bin/ls/ls.c

The latter seems to be the most stable, yet has been updated two years ago, many years after its first introduction.

renewiltord · on Sept 26, 2022

Haha you got me, but I wouldn't be surprised if there were Unicode issues etc as you have to support modern filesystems

Like this https://www.exploit-db.com/exploits/33508

Gigachad · on Sept 26, 2022

I’m not sure the ls command has to do much if anything to support new file systems since the file system driver should present a standard interface for them.

0x457 · on Sept 26, 2022

The standard interface for paths on Linux is "bag of bytes", do you want to see bag of bytes or do you want to see human-readable path?