Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

Re: 8-bit patch for zle_tricky.c

X-seq: zsh-workers 1108
From: Hrvoje.Niksic@xxxxxxxxxxxxxx (Hrvoje Niksic)
To: A.Main@xxxxxxxxxxxxxxxxx (Zefram)
Subject: Re: 8-bit patch for zle_tricky.c
Date: Tue, 21 May 1996 01:08:12 +0200 (MET DST)
Cc: hniksic@xxxxxxxxxxxxxx, A.Main@xxxxxxxxxxxxxxxxx, hzoli@xxxxxxxxxx, schaefer@xxxxxxx, zsh-workers@xxxxxxxxxxxxxxx
In-reply-to: <5723.199605202255@xxxxxxxxxxxxxxxxxxxxxxx> from Zefram at "May 20, 96 11:55:09 pm"
Reply-to: hniksic@xxxxxxxxxxxxxx

In your mail, you said:
[...]
> There's a simple solution to that.  Set IFS before using system.  IMO,
> setuid programs shouldn't be using system(3), but it is possible to do
> it safely.

Of course. But the point I was trying to make is that not only setuid
scripts, but also setuid C programs calling system (and thus unintentionally
invoking sh) can represent security problems. Which is why IFS is used the
way it is in bash/ksh.

-- 
hniksic@xxxxxxx              |  Student of electrical engineering
hniksic@xxxxxxxxxxxxx        |  University of Zagreb, Croatia
------------------------------------------------------------------
`VI' - An editor used by those heretics that don't subscribe to
       the Emacs religion.

Follow-Ups:
- Re: 8-bit patch for zle_tricky.c
  - From: Zefram

References:
- Re: 8-bit patch for zle_tricky.c
  - From: Zefram

Messages sorted by: Reverse Date, Date, Thread, Author