blog

My website can't be that messy, right?
git clone https://anongit.hacktivis.me/git/blog.git/
commit: bcbfa169080c8ffb4fd246826ca872935a691a80
parent ffca92e4cf4bda17314d454d5e36ecd8d0418472
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date:   Tue,  5 Aug 2025 20:19:20 +0200

notes/unix-defects.xhtml: add paragraph about `../`

Diffstat:

M notes/unix-defects.xhtml | 6 ++++++
1 file changed, 6 insertions(+), 0 deletions(-)

diff --git a/notes/unix-defects.xhtml b/notes/unix-defects.xhtml @@ -66,6 +66,12 @@ Meaning that applications also often roll their own solution.<br /> Compare this to Haiku </p> + <p> + Also I think <code>../</code> outside of an explicit query like <code>glob</code> was a mistake, specially as it works like a query. + For example if <code>../../../../../etc/passwd</code> resolves fine, so does <code>../../../../../../../../etc/passwd</code>. + <br /> + Which means that preventing path traversal is done via defensive programming / hardening, rather than being careful about API usage. + </p> <h3 id="fs_atom">Filesystem lack of transactions</h3> <p>
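Review bot: The example in the added paragraph states that `../../../../../etc/passwd` and the longer `../` chain both resolve, but never says why, and that is the step the "works like a query" claim rests on. Consider adding one clause saying that `..` at the root directory refers to the root itself, so any surplus `../` components are silently absorbed instead of producing an error. That also makes the conclusion after the `<br />` easier to follow: a caller cannot reject a traversal by counting on resolution to fail, so the check has to be explicit. Two wording points in the same paragraph: "specially" should be "especially", and the final sentence beginning "Which means that" is a fragment that would read better joined to the previous sentence or started with "This means that".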