Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Avoiding overwriting a symlinked target
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Dirk Fieldhouse via curl-users <curl-users_at_lists.haxx.se>
Date: Thu, 30 Dec 2021 17:54:52 +0000
A utility comprising a single executable could normally be installed in
most Unix-like cases by downloading it to /usr/local/bin (via eg, sudo
curl ... -o /usr/local/bin/utility) and setting executable permission.
A user following instructions like this [1] had the problem that the
destination file already existed as a symbolic link to firejail. As a
result the instructions caused the firejail binary to be clobbered and
all the user's supposedly firejailed programs were apparently replaced
by the downloaded utility, until firejail was re-installed.
Although this is an unusual case, the consequences were quite severe. It
would be desirable to be able to give equally simple instructions that
couldn't have that effect, regardless of what else the installation
might have achieved.
Would curl be open to accepting a --unlink (or similar) option that
would cause a to-be-clobbered file to be unlinked rather than
overwritten directly (obviously only for OS/FS combinations where that
makes sense)?
Apart from mention of a forthcoming (2014) but still unrealised
--clobber option I haven't found any discussion that seems relevant.
1.
<https://askubuntu.com/questions/1383688/after-installing-youtube-dl-on-ubuntu-21-10-with-the-instructions-on-github-many>
/df
Date: Thu, 30 Dec 2021 17:54:52 +0000
A utility comprising a single executable could normally be installed in
most Unix-like cases by downloading it to /usr/local/bin (via eg, sudo
curl ... -o /usr/local/bin/utility) and setting executable permission.
A user following instructions like this [1] had the problem that the
destination file already existed as a symbolic link to firejail. As a
result the instructions caused the firejail binary to be clobbered and
all the user's supposedly firejailed programs were apparently replaced
by the downloaded utility, until firejail was re-installed.
Although this is an unusual case, the consequences were quite severe. It
would be desirable to be able to give equally simple instructions that
couldn't have that effect, regardless of what else the installation
might have achieved.
Would curl be open to accepting a --unlink (or similar) option that
would cause a to-be-clobbered file to be unlinked rather than
overwritten directly (obviously only for OS/FS combinations where that
makes sense)?
Apart from mention of a forthcoming (2014) but still unrealised
--clobber option I haven't found any discussion that seems relevant.
1.
<https://askubuntu.com/questions/1383688/after-installing-youtube-dl-on-ubuntu-21-10-with-the-instructions-on-github-many>
/df
-- London SW6 UK -- Unsubscribe: https://lists.haxx.se/listinfo/curl-users Etiquette: https://curl.haxx.se/mail/etiquette.htmlReceived on 2021-12-31