Bug#1041294: xindy mishandles funny filenames

To: submit@bugs.debian.org
Subject: Bug#1041294: xindy mishandles funny filenames
From: Zefram <zefram@fysh.org>
Date: Mon, 17 Jul 2023 01:22:56 +0100
Message-id: <[🔎] ZLSJ4Jfzaslccwy5@fysh.org>
Reply-to: Zefram <zefram@fysh.org>, 1041294@bugs.debian.org

Package: xindy
Version: 2.5.1.20160104-10
Severity: important

xindy(1) does various funny things if a filename contains characters
that are not usually used in filenames:

$ touch '>t0'
$ ls -l
total 0
-rw-rw-r-- 1 zefram zefram 0 Jul 17 01:21 '>t0'
$ xindy '>t0' 2>/dev/null
$ ls -l
total 0
-rw-rw-r-- 1 zefram zefram 0 Jul 17 01:21 '>t0'
-rw-rw-r-- 1 zefram zefram 0 Jul 17 01:21  t0
$ touch '|echo wibble'
$ xindy '|echo wibble' 2>/dev/null
wibble
$

These arise from its use of the <> Perl operator, which is not suitable
for the implementation of a read-from-list-of-files kind of command.
Because the range of misbehaviour includes writing to arbitrary files
and running arbitrary commands, this is a more severe bug than normal.

-zefram

Reply to:

Prev by Date: Re: luametatex_2.10.08+ds-1_amd64.changes REJECTED
Next by Date: Processing of luametatex_2.10.08+ds-1_amd64.changes
Previous by thread: Re: luametatex_2.10.08+ds-1_amd64.changes REJECTED
Next by thread: Bug#1018206: marked as done (luatex loses or changes text when discretionaries with priorities are used)
Index(es):
- Date
- Thread