Zsh Mailing List Archive
Messages sorted by:
Reverse Date,
Date,
Thread,
Author
Re: 8-bit patch for zle_tricky.c
- X-seq: zsh-workers 1109
- From: Zefram <A.Main@xxxxxxxxxxxxxxxxx>
- To: hniksic@xxxxxxxxxxxxxx
- Subject: Re: 8-bit patch for zle_tricky.c
- Date: Tue, 21 May 1996 00:36:23 +0100 (BST)
- Cc: A.Main@xxxxxxxxxxxxxxxxx, hzoli@xxxxxxxxxx, schaefer@xxxxxxx, zsh-workers@xxxxxxxxxxxxxxx
- In-reply-to: <199605202308.BAA20042@xxxxxxxxxxxxx> from "Hrvoje Niksic" at May 21, 96 01:08:12 am
>Of course. But the point I was trying to make is that not only setuid
>scripts, but also setuid C programs calling system (and thus unintentionally
>invoking sh) can represent security problems. Which is why IFS is used the
>way it is in bash/ksh.
As I said, it *is* possible for a privileged script to be secure. IMO
it's up to the person writing such scripts to use the methods
available. We shouldn't disable a feature just to make this easier. I
think field splitting should be off by default in zsh, but
SH_WORD_SPLIT or some other option should turn it on. (Maybe
SH_WORD_SPLIT should do field splitting on words, and SH_FIELD_SPLIT
should do the current filed splitting on parameters.)
In any case, this is not a critical issue, and can wait until after 3.0.
-zefram
Messages sorted by:
Reverse Date,
Date,
Thread,
Author