Re: [PATCH] vfs: hard-ban creating files with control characters in the name

From: Alan Cox
Date: Thu Oct 05 2017 - 09:47:20 EST

> For malformed Unicode or such, it'd make sense, yeah.

Not really. It's legitimate to have bad unicode in a directory, or have a
file system where some users are still in 8bit Russian encoding and some
are unicode for example.

The fix for this has always been the same - don't use shell script and
similar things (php for example) where incorrect quoting causes you to
execute random attacker code.

As most of the waya to attack a shell script are printable symbols like
$, ; ` and * you aren't going to save anyone by adding hacks to the VFS.