Re: LYNX-DEV ~ -> $HOME in local URLs

lynx-dev

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: LYNX-DEV ~ -> $HOME in local URLs

From:	Robert Bonomi
Subject:	Re: LYNX-DEV ~ -> $HOME in local URLs
Date:	Thu, 12 Jun 1997 17:47:34 -0500 (CDT)

+ Date: Thu, 12 Jun 1997 16:59:15 -0500 (EST)
+ From: Foteos Macrides <address@hidden>
+ Subject: Re: LYNX-DEV ~ -> $HOME in local URLs
+ 
+ >On Thu, 12 Jun 1997 06:46:00 -0700 (PDT), Mike Brown <address@hidden> said:
+ >>> There's a very annoying bug in lynx 2.6 and 2.7: "~"s anywhere in
+ >>> local URLs get substituted by $HOME, so that, for example,
+ >>
+ 
+       It's being done in LYSanctify() if you are on Unix and have
+ DIRED_SUPPORT defined, and in the homologous code (following the
+ #else in LYGetFile.c) if you are not on Unix, or are but don't have
+ DIRED_SUPPORT defined.  If there are no Unix shells which  convert
+ the tilde to $HOME when it does not begin the path, or immediately
+ follows the lead slash of a path, that code could be changed so that
+ the translation occurs only when it is the lead symbolic element of
+ the URL's path.

'sh' does not understand "~" as special, at all.

'csh' invented the concept of "~" as shorthand for "the named user's home
directory", but it is 'special' *only* if it is the lead character of a
'word' (whitespace delimited).   NOTE:  "/~" is _not_ expanded.

'tcsh', 'bash', and 'ksh' all expand "~", according to the rules laid down
by 'csh', to maintain 'compatability', insofar as possible.

the -only- cases where LYNX can legitimately expand '~' are:
        {protocol}://localhost/~{foo}
        {protocol}://localhost/~{foo}/
        {protocol}://localhost/~{foo}/{path}
        {protocol}://localhost/~{foo}/{path}/

where "{foo}" is an *optional* username specification.

In the case of:
        {protocol}://{arbitraryhost}/~foo
    and all varients,

LYNX must *NOT* expand '~', because it has -no- idea how _that_ host will
interpret/expand it.


In other words:
  "~" should be treated as special *ONLY* when it is the _first_ character
          of the _first_ element =following= the host specification.  IF AND 
ONLY
          IF the host specification is 'localhost'.

Using 'csh's interpretation rules:
  if "{foo}" is present, then a 'getpwent()' look-up should be done on
         that name, to determine A) if it is a valid userid, and b) if so,
         the associated 'home' directory.  If valid, then the 'home' directory
         is substituted for "~{foo}".  If it is _not_ a valid userid, then an
         -error- condition is signaled, and no further processing occurs.
 if "{foo}" is absent, then a getpwent() look-up on the 'current logged-in
         userid' is done.  This is -known- to be a valid userid, and the assoc-
         iated 'home' directory is substituted for '~'.

Also, there appear to be some "interesting" interactions with the code that
expands (and makes 'guesses' about what was 'really meant') by a 'short-form'
specification like:
          {arbitraryhost}/~{foo}/{path}

If all the 'guessed' variations on '{arbitraryhost}' fail to resolve, 
the final guess seems to be 'try as a local file', and a URL of:
        file://localhost/{arbitraryhost as directoryname}/
              {*expanded*homedirectory}/{path}
gets tried.  This expansion is -wrong-.

+                  However, "~davis" instead of just '~' as the lead
+ symbolic element should still be sabatoged for file URLs, which is
+ LYSanctify()'s and the alternate code's intent, because you only
+ need '~' if you're running Lynx in the "davis" account, and it
+ has heretofore been considered a security risk to honor file URLs
+ for other accounts unless an expanded path was used in the first
+ place ("Gee, I know John Davis is on this machine, and I wonder if
+ I can get Lynx to give me a directory listing of his account, so I
+ can poke around in it and see if it has any juicy files he should
+ have protected, but didn't!").

I would suggest that this is 'unrealistic', because, among other things,
a "ls ~{user}" would provide _exactly_ the same information.  Additionally,
in large installations, various user 'home' directories may exist in 
radically different places, and may not even be stable from day to day. 
i.e., the home directory for davis may be "/home/davis" one day, and get
changed to "/disk/d4/users/davis" overnight.  "~user", however, is a _stable_
reference that is -not- invalidated by such a reorganization/re-allocation of
resources by system administrators.  Thus, "~user" is a *preferred* means of
specifying a location, versus an absolute path.

;
; To UNSUBSCRIBE:  Send a mail message to address@hidden
;                  with "unsubscribe lynx-dev" (without the
;                  quotation marks) on a line by itself.
;

[Prev in Thread]

Current Thread

[Next in Thread]

LYNX-DEV ~ -> $HOME in local URLs, Eduardo Ochs, 1997/06/12
- Re: LYNX-DEV ~ -> $HOME in local URLs, Mike Brown, 1997/06/12
  - Re: LYNX-DEV ~ -> $HOME in local URLs, Larry W. Virden, x2487, 1997/06/12
  - Re: LYNX-DEV ~ -> $HOME in local URLs, Mike Brown, 1997/06/12
- Re: LYNX-DEV ~ -> $HOME in local URLs, John E. Davis, 1997/06/12
- Re: LYNX-DEV ~ -> $HOME in local URLs, Foteos Macrides, 1997/06/12
- Re: LYNX-DEV ~ -> $HOME in local URLs, Robert Bonomi <=

Prev by Date: Re: LYNX-DEV ~ -> $HOME in local URLs
Next by Date: LYNX-DEV fotemods.zip update
Previous by thread: Re: LYNX-DEV ~ -> $HOME in local URLs
Next by thread: LYNX-DEV Using $HOME/.lynx to store lynx config files
Index(es):
- Date
- Thread