Zsh Mailing List Archive
Messages sorted by:
Reverse Date,
Date,
Thread,
Author
Re: 8-bit patch for zle_tricky.c
- X-seq: zsh-workers 1108
- From: Hrvoje.Niksic@xxxxxxxxxxxxxx (Hrvoje Niksic)
- To: A.Main@xxxxxxxxxxxxxxxxx (Zefram)
- Subject: Re: 8-bit patch for zle_tricky.c
- Date: Tue, 21 May 1996 01:08:12 +0200 (MET DST)
- Cc: hniksic@xxxxxxxxxxxxxx, A.Main@xxxxxxxxxxxxxxxxx, hzoli@xxxxxxxxxx, schaefer@xxxxxxx, zsh-workers@xxxxxxxxxxxxxxx
- In-reply-to: <5723.199605202255@xxxxxxxxxxxxxxxxxxxxxxx> from Zefram at "May 20, 96 11:55:09 pm"
- Reply-to: hniksic@xxxxxxxxxxxxxx
In your mail, you said:
[...]
> There's a simple solution to that. Set IFS before using system. IMO,
> setuid programs shouldn't be using system(3), but it is possible to do
> it safely.
Of course. But the point I was trying to make is that not only setuid
scripts, but also setuid C programs calling system (and thus unintentionally
invoking sh) can represent security problems. Which is why IFS is used the
way it is in bash/ksh.
--
hniksic@xxxxxxx | Student of electrical engineering
hniksic@xxxxxxxxxxxxx | University of Zagreb, Croatia
------------------------------------------------------------------
`VI' - An editor used by those heretics that don't subscribe to
the Emacs religion.
Messages sorted by:
Reverse Date,
Date,
Thread,
Author