home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Columbia Kermit
/
kermit.zip
/
newsgroups
/
misc.20000824-20010305
/
000238_news@columbia.edu _Fri Feb 2 15:45:02 2001.msg
< prev
next >
Wrap
Internet Message Format
|
2020-01-01
|
3KB
Return-Path: <news@columbia.edu>
Received: from watsun.cc.columbia.edu (watsun.cc.columbia.edu [128.59.39.2])
by monire.cc.columbia.edu (8.9.3/8.9.3) with ESMTP id PAA27300
for <kermit.misc@cpunix.cc.columbia.edu>; Fri, 2 Feb 2001 15:45:02 -0500 (EST)
Received: from newsmaster.cc.columbia.edu (newsmaster.cc.columbia.edu [128.59.59.30])
by watsun.cc.columbia.edu (8.8.5/8.8.5) with ESMTP id PAA20268
for <kermit.misc@watsun.cc.columbia.edu>; Fri, 2 Feb 2001 15:45:01 -0500 (EST)
Received: (from news@localhost)
by newsmaster.cc.columbia.edu (8.9.3/8.9.3) id PAA18921
for kermit.misc@watsun.cc.columbia.edu; Fri, 2 Feb 2001 15:31:16 -0500 (EST)
X-Authentication-Warning: newsmaster.cc.columbia.edu: news set sender to <news> using -f
From: fdc@columbia.edu (Frank da Cruz)
Subject: Re: K95 differences with DOS product - security issue?
Date: 2 Feb 2001 20:31:15 GMT
Organization: Columbia University
Message-ID: <95f5ej$if6$1@newsmaster.cc.columbia.edu>
To: kermit.misc@columbia.edu
In article <d65xrMxqAaWw@cc.usu.edu>, Joe Doupnik <jrd@cc.usu.edu> wrote:
: ...
: In addition, MSK treats these DOS command.com issues by having
: command.com execute them. In so doing MSK tries to preserve the syntax
: of the command line, in so far as it can, and it thus need not understand
: details of the command arguments. I believe K95 tries to perform the
: commands using its own code.
:
In some cases, yes, but "remote cd" is not a DOS command, it's command from
the client to the server. Kermit, as a good network citizen (increasingly
hard to find these days), doesn't make any assumptions about the file system
or naming syntax of the server. Meanwhile, it allows you to use variables
in any command, such as "remote cd", and variables start with backslash.
The tricky part comes in local file- and directory-related commands, like
"cd", "dir", "send", etc, on DOS or Windows. To take an example from the
documentation:
send c:\%a
Does this mean "send the file whose name is (literally) %A in the root
directory of the C disk"? Or does it mean "send the file on the C disk
whose name is contained in the Kermit variable \%a"?
Some users expect it to do the one; other users, the other. You can't
please everybody. But in K95 we try to anyway using tricks you could
scarcely believe to divine what the user intends by such commands without
forcing them to type double backslashes.
The place where all this falls apart is the RUN command, which takes a
command line to be passed to the system (e.g. DOS) shell. Since Kermit
can't (and can't be expected to) parse every shell command, or even know
what shell will be used to execute it, it has no way of guessing when "\"
is a directory separator and when it's a variable lead-in, or for that
matter something else again. The only way to handle this by giving the
user complete control and being totally consistent. Thus in K95's RUN
commmand, backslashes must always be doubled if you want them taken
literally. You can also double them in other commands for safety, to
thwart K95's "backslash divination" tricks.
GREAT MOMENTS IN THE HISTORY OF COMPUTING: Microsoft, circa 1982, when DOS
2.0 came out and subdirectories were added to the formerly flat DOS file
system: "Let's do it just like in UNIX, but instead of slashes, let's use
backslashes!" ... "Kewl!"
- Frank